Vulnerabilities and security researches forhappy-elementor-addons happy-elementor-addons

Direction: ascending

Jun 07, 2024

Happy Addons for Elementor # CVE-2021-24292

CVE, Research URL: CVE-2021-24292
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: May 17, 2021
Research Description: The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “title_tag” parameter. Although the element control lists a fixed set of possible html tags, it is possible to send a ‘save_builder’ request with the “heading_tag” set to “script”, and the actual “title” parameter set to JavaScript to be executed within the script tags added by the “heading_tag” parameter.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-24833

CVE, Research URL: CVE-2024-24833
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: May 08, 2024
Research Description: Missing Authorization vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.10.1.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2023-6632

CVE, Research URL: CVE-2023-6632
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Jan 11, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-2789

CVE, Research URL: CVE-2024-2789
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Apr 10, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-2786

CVE, Research URL: CVE-2024-2786
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Apr 10, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the title_tag attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-2788

CVE, Research URL: CVE-2024-2788
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Apr 10, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-1498

CVE, Research URL: CVE-2024-1498
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Apr 10, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-3724

CVE, Research URL: CVE-2024-3724
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: May 02, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Stack Group, Photo Stack, & Horizontal Timeline widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-1387

CVE, Research URL: CVE-2024-1387
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Apr 10, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone arbitrary posts (including private and password protected ones) which may lead to information exposure.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-1377

CVE, Research URL: CVE-2024-1377
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Mar 07, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-4391

CVE, Research URL: CVE-2024-4391
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: May 16, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-5041

CVE, Research URL: CVE-2024-5041
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: May 31, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-3890

CVE, Research URL: CVE-2024-3890
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Apr 26, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2023-28989

CVE, Research URL: CVE-2023-28989
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Jul 10, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-29108

CVE, Research URL: CVE-2024-29108
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Mar 19, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.1.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-0438

CVE, Research URL: CVE-2024-0438
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Feb 29, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2023-51676

CVE, Research URL: CVE-2023-51676
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Dec 29, 2023
Research Description: Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-1366

CVE, Research URL: CVE-2024-1366
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Mar 07, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archive_title_tag’ attribute of the Archive Title widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-4865

CVE, Research URL: CVE-2024-4865
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: May 18, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-0838

CVE, Research URL: CVE-2024-0838
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Feb 29, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-5347

CVE, Research URL: CVE-2024-5347
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: May 31, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-3891

CVE, Research URL: CVE-2024-3891
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: May 02, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-32698

CVE, Research URL: CVE-2024-32698
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Apr 22, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.4.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-4478

CVE, Research URL: CVE-2024-4478
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: May 16, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-5088

CVE, Research URL: CVE-2024-5088
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: May 18, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Happy Addons for Elementor # CVE-2024-2787

CVE, Research URL: CVE-2024-2787
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Apr 10, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jun 30, 2024

Happy Addons for Elementor # CVE-2024-5790

CVE, Research URL: CVE-2024-5790
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Jun 29, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jul 27, 2024

Happy Addons for Elementor # CVE-2024-6627

CVE, Research URL: CVE-2024-6627
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: -
Research Description: Happy Addons for Elementor [happy-elementor-addons] < 3.11.3 CVE-2024-6627
Affected versions: Min -, max -.
Status: vulnerable

Sep 24, 2024

Happy Addons for Elementor # CVE-2024-8801

CVE, Research URL: CVE-2024-8801
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: -
Research Description: Happy Addons for Elementor [happy-elementor-addons] < 3.12.3 CVE-2024-8801
Affected versions: Min -, max -.
Status: vulnerable

Oct 03, 2024

Happy Addons for Elementor # CVE-2024-47357

CVE, Research URL: CVE-2024-47357
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Oct 06, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.12.0.
Affected versions: Min -, max -.
Status: vulnerable

Oct 16, 2024

Happy Addons for Elementor # CVE-2024-48045

CVE, Research URL: CVE-2024-48045
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Leevio Happy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through 3.12.3.
Affected versions: Min -, max -.
Status: vulnerable

Nov 14, 2024

Happy Addons for Elementor # CVE-2024-10538

CVE, Research URL: CVE-2024-10538
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Nov 12, 2024
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jan 09, 2025

Happy Addons for Elementor # CVE-2024-12852

CVE, Research URL: CVE-2024-12852
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Jan 08, 2025
Research Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_cmc_text' parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Apr 02, 2025

Happy Addons for Elementor # CVE-2025-30766

CVE, Research URL: CVE-2025-30766
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Date: Mar 27, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor allows DOM-Based XSS. This issue affects Happy Addons for Elementor: from n/a through 3.16.2.
Affected versions: Min -, max -.
Status: vulnerable