{"api_version":"1","generated_at":"2026-04-23T12:53:30+00:00","cve":"CVE-2026-4106","urls":{"html":"https://cve.report/CVE-2026-4106","api":"https://cve.report/api/cve/CVE-2026-4106.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-4106","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-4106"},"summary":{"title":"HT Mega < 3.0.7 – Unauthenticated PII Disclosure","description":"The HT Mega Addons for Elementor  WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (such as full name, city, state and country) of customers who placed orders in the last 7 days","state":"PUBLISHED","assigner":"WPScan","published_at":"2026-04-23 07:16:41","updated_at":"2026-04-23 07:16:41"},"problem_types":["CWE-200 Information Exposure"],"metrics":[],"references":[{"url":"https://wpscan.com/vulnerability/9477ead2-3990-4aae-8e66-09ee2f4daa3e/","name":"https://wpscan.com/vulnerability/9477ead2-3990-4aae-8e66-09ee2f4daa3e/","refsource":"contact@wpscan.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-4106","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4106","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Unknown","product":"HT Mega Addons for Elementor","version":"affected 3.0.7 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Chiao-Lin Yu (Steven Meow)","lang":"en"},{"source":"CNA","value":"WPScan","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"HT Mega Addons for Elementor","vendor":"Unknown","versions":[{"lessThan":"3.0.7","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Chiao-Lin Yu (Steven Meow)"},{"lang":"en","type":"coordinator","value":"WPScan"}],"descriptions":[{"lang":"en","value":"The HT Mega Addons for Elementor  WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (such as full name, city, state and country) of customers who placed orders in the last 7 days"}],"problemTypes":[{"descriptions":[{"description":"CWE-200 Information Exposure","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-23T06:00:06.084Z","orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan"},"references":[{"tags":["exploit","vdb-entry","technical-description"],"url":"https://wpscan.com/vulnerability/9477ead2-3990-4aae-8e66-09ee2f4daa3e/"}],"source":{"discovery":"EXTERNAL"},"title":"HT Mega < 3.0.7 – Unauthenticated PII Disclosure","x_generator":{"engine":"WPScan CVE Generator"}}},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2026-4106","datePublished":"2026-04-23T06:00:06.084Z","dateReserved":"2026-03-13T09:10:56.371Z","dateUpdated":"2026-04-23T06:00:06.084Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-23 07:16:41","lastModifiedDate":"2026-04-23 07:16:41","problem_types":["CWE-200 Information Exposure"],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"4106","Ordinal":"1","Title":"HT Mega < 3.0.7 – Unauthenticated PII Disclosure","CVE":"CVE-2026-4106","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"4106","Ordinal":"1","NoteData":"The HT Mega Addons for Elementor  WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (such as full name, city, state and country) of customers who placed orders in the last 7 days","Type":"Description","Title":"HT Mega < 3.0.7 – Unauthenticated PII Disclosure"}]}}}