Happy Addons for Elementor

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Happy Addons for Elementor

Information

Software Type Plugin
Software Slug happy-elementor-addons (view on wordpress.org)
Software Status Active
Software Author thehappymonster
Software Website happyaddons.com
Software Downloads 6,562,476
Software Active Installs 400,000
Software Record Last Updated April 25, 2024

20 Vulnerabilities

Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags
6.4
CVE-2024-3891
Apr 19, 2024
Researcher: wesley (wcraft)
Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline
6.4
CVE-2024-3724
Apr 19, 2024
Researcher: stealthcopter
Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag
5.4
CVE-2024-2786
Apr 4, 2024
Researcher: wesley (wcraft)
Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag
6.4
CVE-2024-2788
Apr 4, 2024
Researcher: João Pedro Soares de Alcântara
Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag
6.4
CVE-2024-2787
Apr 4, 2024
Researcher: João Pedro Soares de Alcântara
Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy
6.4
CVE-2024-2789
Apr 4, 2024
Researcher: ST
Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget
6.4
CVE-2024-1498
Apr 4, 2024
Researcher: RandomRoot
Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure
4.3
CVE-2024-1387
Apr 4, 2024
Researcher: Lucio Sá
Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget
6.4
CVE-2024-1366
Mar 6, 2024
Researcher: wesley (wcraft)
Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Meta Widget
6.4
CVE-2024-1377
Mar 6, 2024
Researcher: Nikolas
Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-0838
Feb 13, 2024
Researcher: wesley (wcraft)
Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-0438
Feb 13, 2024
Researcher: wesley (wcraft)
Happy Addons for Elementor <= 3.10.1 - Missing Authorization via add_row_actions
4.3
CVE-2024-24833
Feb 2, 2024
Researcher: Abu Hurayra
Happy Elementor Addons <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE ID Unknown
Jan 9, 2024
Researchers:
Happy Addons for Elementor <= 3.9.1.1 - Reflected Cross-Site Scripting
6.1
CVE-2023-6632
Jan 5, 2024
Researcher: xEHLE
Happy Addons for Elementor <= 3.9.1.1 - Server Side Request Forgery
5.4
CVE-2023-51676
Dec 27, 2023
Researcher: Yuchen Ji
Happy Addons for Elementor <= 3.8.2 - Cross-Site Request Forgery via handle_optin_optout()
4.3
CVE-2023-28989
Mar 29, 2023
Researcher: Muhammad Daffa
Appsero <= 1.2.1 - Missing Authorization
4.3
CVE ID Unknown
Dec 16, 2022
Researchers:
Appsero <= 1.2.0 - Cross-Site Request Forgery
4.3
CVE-2022-47150
Dec 14, 2022
Researcher: István Márton
Happy Addons for Elementor <= 2.23.0 & Pro Version < 1.17.0 - Stored Cross-Site Scripting
6.4
CVE-2021-24292
Apr 26, 2021
Researcher: Ram
Title CVE ID CVSS Researchers Date
Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags CVE-2024-3891 6.4 wesley (wcraft) April 19, 2024
Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline CVE-2024-3724 6.4 stealthcopter April 19, 2024
Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag CVE-2024-2786 5.4 wesley (wcraft) April 4, 2024
Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag CVE-2024-2788 6.4 João Pedro Soares de Alcântara April 4, 2024
Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag CVE-2024-2787 6.4 João Pedro Soares de Alcântara April 4, 2024
Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy CVE-2024-2789 6.4 ST April 4, 2024
Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget CVE-2024-1498 6.4 RandomRoot April 4, 2024
Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure CVE-2024-1387 4.3 Lucio Sá April 4, 2024
Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget CVE-2024-1366 6.4 wesley (wcraft) March 6, 2024
Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Meta Widget CVE-2024-1377 6.4 Nikolas March 6, 2024
Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-0838 6.4 wesley (wcraft) February 13, 2024
Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-0438 6.4 wesley (wcraft) February 13, 2024
Happy Addons for Elementor <= 3.10.1 - Missing Authorization via add_row_actions CVE-2024-24833 4.3 Abu Hurayra February 2, 2024
Happy Elementor Addons <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting 6.4 January 9, 2024
Happy Addons for Elementor <= 3.9.1.1 - Reflected Cross-Site Scripting CVE-2023-6632 6.1 xEHLE January 5, 2024
Happy Addons for Elementor <= 3.9.1.1 - Server Side Request Forgery CVE-2023-51676 5.4 Yuchen Ji December 27, 2023
Happy Addons for Elementor <= 3.8.2 - Cross-Site Request Forgery via handle_optin_optout() CVE-2023-28989 4.3 Muhammad Daffa March 29, 2023
Appsero <= 1.2.1 - Missing Authorization 4.3 December 16, 2022
Appsero <= 1.2.0 - Cross-Site Request Forgery CVE-2022-47150 4.3 István Márton December 14, 2022
Happy Addons for Elementor <= 2.23.0 & Pro Version < 1.17.0 - Stored Cross-Site Scripting CVE-2021-24292 6.4 Ram April 26, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation