CVE-2024-2790 in HT Mega Plugin

Summary

by MITRE • 05/02/2024

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion widget in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


Analysis

by VulDB Data Team • 04/05/2025

The HT Mega plugin for WordPress represents a popular collection of Elementor widgets that extend the functionality of the WordPress content management system. This particular vulnerability affects versions up to and including 2.4.8, making it a significant concern for WordPress administrators who rely on this plugin for their website development needs. The vulnerability manifests within the Accordion widget component, which is commonly used to create interactive content sections on websites. The flaw stems from inadequate input sanitization and output escaping mechanisms that fail to properly validate or sanitize user-supplied data before processing it within the plugin's code.

The technical nature of this vulnerability places it firmly within the category of stored cross-site scripting attacks, where malicious scripts are permanently stored on the server and executed whenever users access affected pages. This type of vulnerability is particularly dangerous because it allows attackers to inject persistent malicious code that can affect multiple users over time. The vulnerability specifically targets the Accordion widget functionality, where user input is processed and rendered without proper security measures. The lack of input sanitization means that attackers can submit malicious payloads through the widget's attributes, while the insufficient output escaping prevents proper encoding of potentially dangerous content before it is displayed to end users.
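The two failures named above (missing input sanitization, missing output escaping) are easiest to see side by side. The following is an added illustration written for this page, not code from HT Mega, Wordfence or VulDB: a hypothetical accordion render routine in the unsafe form the advisory describes, next to a hardened form that escapes each value for the HTML context it lands in using the standard WordPress helpers. The helpers are shimmed with simplified stand-ins so the file runs under plain `php` outside WordPress; inside WordPress the real `esc_attr()`, `esc_html()`, `wp_kses_post()` and `sanitize_html_class()` are used instead. The widget settings are constructed sample data.

```php
<?php
// Added example for CVE-2024-2790 (hypothetical code, not the plugin's own).
// Simplified shims so the script runs outside WordPress; they are NOT substitutes
// for the real functions, which handle encodings and allow-lists far more carefully.
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('wp_kses_post')) {
    // Stand-in: keep a small tag allow-list, drop everything else (script, event handlers...).
    function wp_kses_post(string $s): string {
        return strip_tags($s, '<p><br><strong><em><ul><ol><li>');
    }
}
if (!function_exists('sanitize_html_class')) {
    function sanitize_html_class(string $s): string {
        return preg_replace('/[^A-Za-z0-9_-]/', '', $s);
    }
}

// Constructed widget settings as a contributor-level user could save them. The title
// and id carry attribute-breaking quotes and a script element so the difference in
// output is visible.
$settings = [
    'accordion_items' => [
        [
            'title'   => 'Returns" onmouseover="alert(1)',
            'content' => '<p>30 days</p><script>alert(1)</script>',
            'css_id'  => 'item-1" autofocus onfocus="alert(1)',
        ],
    ],
];

// Unsafe pattern (what the advisory describes): values echoed straight into markup,
// so quotes in an attribute value break out of it and tags in content are rendered.
function render_accordion_unsafe(array $settings): string {
    $out = '';
    foreach ($settings['accordion_items'] as $item) {
        $out .= '<div class="accordion-item" id="' . $item['css_id'] . '">';
        $out .= '<button class="accordion-title" data-title="' . $item['title'] . '">'
              . $item['title'] . '</button>';
        $out .= '<div class="accordion-body">' . $item['content'] . '</div>';
        $out .= '</div>';
    }
    return $out;
}

// Hardened pattern: escape at the point of output, per context. An id gets the
// class/id sanitizer plus attribute escaping, attribute values get esc_attr(),
// text nodes get esc_html(), and rich content goes through the kses allow-list.
function render_accordion_safe(array $settings): string {
    $out = '';
    foreach ($settings['accordion_items'] as $item) {
        $out .= '<div class="accordion-item" id="' . esc_attr(sanitize_html_class($item['css_id'])) . '">';
        $out .= '<button class="accordion-title" data-title="' . esc_attr($item['title']) . '">'
              . esc_html($item['title']) . '</button>';
        $out .= '<div class="accordion-body">' . wp_kses_post($item['content']) . '</div>';
        $out .= '</div>';
    }
    return $out;
}

echo "Unsafe output:\n" . render_accordion_unsafe($settings) . "\n\n";
echo "Hardened output:\n" . render_accordion_safe($settings) . "\n";
```

Run it with `php accordion.php`: in the unsafe output the `onmouseover` and `onfocus` fragments become live attributes and the `<script>` element survives; in the hardened output the quotes are encoded, the id is reduced to `item-1`, and only the allow-listed paragraph remains. The design point is that escaping belongs at output and must match the context (attribute, text, rich HTML); a single sanitizer applied on save is not a substitute, because contributors cannot use `unfiltered_html` and the stored value is rendered in several places.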

Authentication requirements for exploitation are relatively low, as attackers only need contributor-level access or higher to successfully carry out this attack. This access level is often sufficient for malicious actors who have gained access to compromised accounts or who can manipulate user permissions within a WordPress environment. The operational impact of this vulnerability extends beyond simple script execution, as it can enable attackers to steal session cookies, redirect users to malicious sites, or even perform actions on behalf of authenticated users. The stored nature of the vulnerability means that once an attacker successfully injects malicious code, it will persist and affect all users who view the affected pages, potentially compromising a large number of website visitors.

The implications of this vulnerability align with CWE-79, which describes cross-site scripting flaws that occur when untrusted data is sent to a web browser without proper validation or escaping. From an attack perspective, this vulnerability maps to several ATT&CK techniques including T1566 for initial access through compromised credentials and T1059 for command and control through script execution. Organizations should prioritize immediate remediation by updating to the latest version of the plugin where this vulnerability has been addressed. The mitigation strategy should include not only updating the plugin but also reviewing user permissions and implementing additional security measures such as web application firewalls and regular security audits. Administrators should also consider implementing monitoring systems to detect unusual activity patterns that might indicate exploitation attempts and ensure that all WordPress installations maintain current security patches to prevent similar vulnerabilities from emerging in the future.
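For the monitoring suggestion above, one concrete check an administrator can run is to inspect what contributors have actually stored in widget settings. Elementor keeps each page's widget tree as JSON in the `_elementor_data` post meta; the following added example (written for this page, not VulDB, Wordfence or HT Mega code) walks such a tree and flags accordion widget settings that contain script elements, event-handler attributes or `javascript:` URLs. The widget type string is a placeholder to replace with the real `widgetType` value from your site, the detection patterns are a simple starting set, and the JSON is constructed sample data.

```php
<?php
// Added detection example for CVE-2024-2790 (hypothetical helper, not plugin code).

// Patterns indicating markup a contributor should not be able to store in widget text.
const SUSPICIOUS_PATTERNS = [
    '/<\s*script\b/i',                 // inline script element
    '/\bon[a-z]+\s*=/i',               // event-handler attribute (onmouseover=, onerror=, ...)
    '/javascript\s*:/i',               // javascript: URL scheme
    '/<\s*(iframe|object|embed)\b/i',  // embedded active content
];

// PLACEHOLDER: the real widgetType string of the accordion widget on your site.
const ACCORDION_WIDGET_TYPES = ['htmega-accordion-placeholder'];

/** Recursively walk an Elementor element tree, collecting findings for accordion widgets. */
function scan_elements(array $elements, array &$findings, string $path = ''): void {
    foreach ($elements as $i => $el) {
        $here = $path . '/' . ($el['id'] ?? $i);
        if (($el['elType'] ?? '') === 'widget'
            && in_array($el['widgetType'] ?? '', ACCORDION_WIDGET_TYPES, true)) {
            scan_settings($el['settings'] ?? [], $findings, $here);
        }
        if (!empty($el['elements']) && is_array($el['elements'])) {
            scan_elements($el['elements'], $findings, $here);
        }
    }
}

/** Test every string in the settings (repeater items included) against the patterns. */
function scan_settings($value, array &$findings, string $path): void {
    if (is_array($value)) {
        foreach ($value as $k => $v) {
            scan_settings($v, $findings, $path . '.' . $k);
        }
        return;
    }
    if (!is_string($value)) {
        return;
    }
    foreach (SUSPICIOUS_PATTERNS as $re) {
        if (preg_match($re, $value)) {
            $findings[] = ['path' => $path, 'pattern' => $re, 'value' => $value];
            break;
        }
    }
}

// Constructed sample of a `_elementor_data` value: one benign and one suspicious item.
$elementorData = json_encode([[
    'id' => 'sec1', 'elType' => 'section', 'elements' => [[
        'id' => 'col1', 'elType' => 'column', 'elements' => [[
            'id' => 'w1', 'elType' => 'widget', 'widgetType' => 'htmega-accordion-placeholder',
            'settings' => ['accordion_items' => [
                ['title' => 'Shipping', 'content' => '<p>3-5 days</p>'],
                ['title' => 'Returns" onmouseover="alert(1)', 'content' => '<p>30 days</p>'],
            ]],
        ]],
    ]],
]]);

$findings = [];
scan_elements(json_decode($elementorData, true), $findings);
foreach ($findings as $f) {
    printf("FLAG %s matched %s: %s\n", $f['path'], $f['pattern'], $f['value']);
}
if ($findings === []) {
    echo "No suspicious accordion settings found.\n";
}
```

Inside WordPress the JSON comes from `get_post_meta($post_id, '_elementor_data', true)` for each post, so the same walk can be run across all pages from a WP-CLI script and the findings correlated with post author and revision history to see which account stored the markup. Pattern matches are a triage signal, not proof of exploitation; a flagged value should be reviewed and the plugin updated regardless.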

Responsible: Wordfence
Reservation: 03/21/2024
Disclosure: 05/02/2024
Moderation: accepted
CPE: ready
EPSS: 0.00323
KEV: no
Activities: very low
