# CVE-2026-4106

> Vulnerability · severity: **MEDIUM** (CVSS 5.3).

## Description

The HT Mega Addons for Elementor  WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (such as full name, city, state and country) of customers who placed orders in the last 7 days

## Key facts

- **CVE ID:** CVE-2026-4106
- **Published:** 2026-04-23
- **CVSS severity:** MEDIUM
- **CVSS base score:** 5.3
- **CWE codes:** CWE-200

## Primary sources

- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-4106

## Citation

> AI Analytics. CVE-2026-4106. Retrieved 2026-07-19 from https://api.ai-analytics.org/cve/CVE-2026-4106. Derived from NIST NVD. Licensed CC0.

---

*[Dataset catalog](https://api.ai-analytics.org/datasets/) · [AI Analytics](https://api.ai-analytics.org/) · CC0 1.0*