321 matches found
WordPress Happy Addons for Elementor plugin <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Event Calendar Widget vulnerability discovered by stealthcopter in WordPress Plugin Happy Addons for Elementor versions = 3.10.7...
WordPress Happy Addons for Elementor plugin <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Image Accordion vulnerability discovered by Thanh Nam Tran in WordPress Plugin Happy Addons for Elementor versions = 3.10.9...
WordPress Happy Addons for Elementor plugin <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Thanh Nam Tran in WordPress Plugin Happy Addons for Elementor versions = 3.10.8...
CVE-2025-68999
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through = 3.20.4...
WordPress Happy Addons for Elementor plugin <= 3.20.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by knani alaaeddine iwd in WordPress Plugin Happy Addons for Elementor versions = 3.20.4...
CVE-2025-68999
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through = 3.20.4...
CVE-2025-68999 WordPress Happy Addons for Elementor plugin <= 3.20.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through = 3.20.4...
CVE-2025-68999 WordPress Happy Addons for Elementor plugin <= 3.20.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through = 3.20.4...
CVE-2025-68999
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through = 3.20.4...
CVE-2025-68999
CVE-2025-68999 affects Happy Addons for Elementor (HappyMonster)
PT-2026-4117
Name of the Vulnerable Software and Affected Versions Happy Addons for Elementor versions through 3.20.4 Description A flaw exists in Happy Addons for Elementor that allows for Blind SQL Injection. This is due to improper neutralization of special elements within SQL commands. The API endpoint is...
WordPress plugin Happy Addons for Elementor SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2024-2788
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
WordPress Happy Addons for Elementor plugin <= 3.12.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Happy Addons for Elementor versions = 3.12.2...
CVE-2025-14635
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hapagecustomjs' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14635
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hapagecustomjs' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2025-204795
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hapagecustomjs' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14635 Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hapagecustomjs' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14635 Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hapagecustomjs' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14635
CVE-2025-14635 concerns the Happy Addons for Elementor WordPress plugin. The connected Wordfence report explicitly ties this to an authenticated stored cross-site scripting (XSS) vulnerability via the ha_page_custom_js parameter, affecting version range up to and including 3.20.3. Root cause: ins...