Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-8151

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'save_block_css' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any directory, and delete CSS files in any directory in a Windows environment.

Published

2025-07-31T12:15:26.820

Last Modified

2025-08-13T19:32:22.077

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hasthemes	ht_mega	< 2.9.2	Yes

References

https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.9.1/htmega-blocks/includes/classes/Manage_Styles.php#L118 Product ([email protected])
https://plugins.trac.wordpress.org/changeset/3336533/ Patch ([email protected])
https://www.wordfence.com/threat-intel/vulnerabilities/id/6b3e93bf-af5c-4ca3-a531-2d91df880c51?source=cve Third Party Advisory ([email protected])