cleantalk
Vulnerabilities and Security Researches

Happy Addons for Elementor, CVE-2026-1210

CVE, Research URL

CVE-2026-1210

Home page URL

Security reports for Happy Addons for Elementor

Application

Happy Addons for Elementor

Published on
Feb 03, 2026
Research Description
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_elementor_data' meta field in all versions up to, and including, 3.20.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 3.20.8.
Status
vulnerable
Previous vulnerability researches
GNA Search Shortcode (CVE-2025-46540) , Apr 26, 2025
New vulnerability
Zarinpal Gateway (CVE-2026-2592) , Apr 15, 2026
Twitter posts to Blog (CVE-2026-1786) , Apr 15, 2026
Simple Download Monitor (CVE-2026-2383) , Apr 15, 2026
Blog2Social: Social Media Auto Post & Scheduler (CVE-2026-1942) , Apr 15, 2026
WP Content Permission (CVE-2026-0743) , Apr 15, 2026