CVE-2025-8068
HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator ActionsThe HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the 'ajax_trash_templates' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary attachment files, and move arbitrary posts, pages, and templates to the Trash.
We have discovered 7,600 live websites that are affected by CVE-2025-8068.
Affected Software
| Product |  Ht Mega For Elementor |
| Category | Wordpress Plugins |
| Vulnerable Domains | 7,600 live websites (47% of Ht Mega For Elementor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 157 versions ( 94% of all versions) |
Common Weakness Enumeration
CWE-863 Incorrect AuthorizationDetails
- Published - Jul 31, 2025
- Updated - Jul 31, 2025
Credits
- wesley (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-8068 United States | 1,500 websites |
 Germany | 723 websites |
 France | 548 websites |
 Brazil | 479 websites |
 India | 293 websites |
 Italy | 291 websites |
 GB | 280 websites |
 Poland | 253 websites |
 Russia | 209 websites |
 Netherlands | 203 websites |
Website Distribution by TLD
Number of websites using CVE-2025-8068| .com | 2,786 websites |
| .com.br | 413 websites |
| .de | 374 websites |
| .org | 277 websites |
| .fr | 242 websites |
| .it | 197 websites |
| .pl | 195 websites |
| .nl | 190 websites |
| .ru | 170 websites |
| .co.uk | 143 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-8068
Top websites that are affected by CVE-2025-8068. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.com | United States | **,*** | |
| *****.es |  Spain | **,*** | |
| ****************.org | United States | **,*** | |
| *******.it | Italy | **,*** | |
| **.*********.***.ph |  Philippines | **,*** | |
| ****.***.pl | Poland | ***,*** | |
| ****.**.za |  South Africa | ***,*** | |
| ****.de | Germany | ***,*** | |
| ********.com | United States | ***,*** | |
| *********.org | United States | ***,*** |
FAQ
CVE-2025-8068 is Incorrect Authorization in Ht Mega For Elementor
A total of 7,600 websites have been identified as vulnerable to CVE-2025-8068, based on global website indexing conducted by WebTechSurvey.
The Ht Mega For Elementor is affected by the CVE-2025-8068 vulnerability.
Ht Mega For Elementor versions up to and including 2.9.1 are vulnerable to CVE-2025-8068.