Name of the Vulnerable Software and Affected Versions:

HT Mega – Absolute Addons For Elementor plugin for WordPress versions prior to 2.9.2

Description:

The HT Mega – Absolute Addons For Elementor plugin for WordPress is susceptible to unauthorized modification and data loss. This is due to an insufficient capability check within the `ajax trash templates` function. Authenticated attackers possessing Contributor-level access or higher can delete arbitrary attachment files and move arbitrary posts, pages, and templates to the Trash.

Recommendations:

Update to version 2.9.2 or later.

As a temporary workaround, restrict access for users with Contributor-level access or lower.