Happy Addons for Elementor, 2bc1433c-6129-48f7-9d0a-84b5c680a6d1

CVE, Research URL: 2bc1433c-6129-48f7-9d0a-84b5c680a6d1
Home page URL: Security reports for Happy Addons for Elementor
Application: Happy Addons for Elementor
Published on: -
Research Description: Happy Addons for Elementor [happy-elementor-addons] < 3.10.1 Happy Elementor Addons < 3.10.1 - Contributor+ Stored Cross-Site Scripting The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's AGe Gate Widget in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on the user supplied header URL value. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 3.10.1.
Status: vulnerable