Happy Addons for Elementor, 19b1bf37778359f6a7c661e53860cf8e5852f827

CVE, Research URL: 19b1bf37778359f6a7c661e53860cf8e5852f827
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Published on: Jan 09, 2024
Research Description: Happy Addons for Elementor [happy-elementor-addons] < 3.10.1 Happy Elementor Addons <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AGe Gate Widget in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on the user supplied header URL value. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 3.10.1.
Status: vulnerable