Lucene search
K

605 matches found

CVE
CVE
added 2026/03/27 9:15 p.m.33 views

CVE-2026-33943

Happy DOM CVE-2026-33943 involves a code-injection vulnerability in the ECMAScriptModuleCompiler: in versions 15.10.0 through 20.8.7, unsanitized content within export { ... } in ES modules is interpolated into generated code as an executable expression, with backticks not removed, enabling templ...

9.8CVSS6.1AI score0.00788EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/03/27 9:15 p.m.5 views

CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

8.8CVSS6.1AI score0.00788EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.11 views

happy-dom 代码注入漏洞

Happy-Dom is a JavaScript implementation of a web browser with no graphical interface, developed by David Ortner. Versions of Happy-Dom prior to 20.8.7 contained a code injection vulnerability. This vulnerability stemmed from issues with the ECMAScriptModuleCompiler, which could allow attackers t...

9.8CVSS6.3AI score0.00788EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.7 views

happy-dom 安全漏洞

Happy-Dom is a JavaScript implementation of a web browser without a graphical interface, developed by David Ortner. Versions of Happy-Dom prior to 20.8.9 contained a security vulnerability. This vulnerability stemmed from the fetch function, which might attach cookies originating from the current...

7.5CVSS5.8AI score0.00458EPSS
Exploits1References5
OSV
OSV
added 2026/03/26 10:22 p.m.3 views

GHSA-6Q6H-J7HJ-3R64 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Summary A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...

8.8CVSS6.1AI score0.00788EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/26 10:22 p.m.27 views

Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Summary A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...

9.8CVSS7.6AI score0.00788EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.4 views

CVE-2026-2917

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.27 views

PT-2026-28574

Name of the Vulnerable Software and Affected Versions Happy DOM versions 15.10.0 through 20.8.7 Description Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions 15.10.0 through 20.8.7 contain a code injection issue in the ECMAScriptModuleCompile...

8.8CVSS6.1AI score0.00788EPSS
Exploits1References12
EUVD
EUVD
added 2026/03/11 9:31 a.m.7 views

EUVD-2026-11121

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haconditionupdate AJAX action. This is due to the validatereqeust method using currentusercan'editposts', $templateid instead of...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References7
NVD
NVD
added 2026/03/11 8:16 a.m.8 views

CVE-2026-2917

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...

5.4CVSS0.00193EPSS
Exploits0References6
CVE
CVE
added 2026/03/11 7:36 a.m.17 views

CVE-2026-2917

CVE-2026-2917 (Happy Addons for Elementor, WordPress) is an Insecure Direct Object Reference vulnerability affecting all versions up to 3.21.0. The root cause is the can_clone() check only enforcing a general capability (current_user_can('edit_posts')) and an action nonce bound to the generic ha_...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:36 a.m.4 views

CVE-2026-2917

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/11 7:36 a.m.3 views

CVE-2026-2917 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References6
CVE
CVE
added 2026/03/11 7:36 a.m.18 views

CVE-2026-2918

CVE-2026-2918 affects Happy Addons for Elementor (WordPress) up to version 3.21.0. The issue stems from insecure object handling: ha_condition_update uses current_user_can('edit_posts', template_id) instead of proper per-object authorization, and ha_get_current_condition lacks a capability check,...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/11 7:36 a.m.30 views

CVE-2026-2918 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haconditionupdate AJAX action. This is due to the validatereqeust method using currentusercan'editposts', $templateid instead of...

6.4CVSS0.00193EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/11 7:36 a.m.4 views

CVE-2026-2918 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haconditionupdate AJAX action. This is due to the validatereqeust method using currentusercan'editposts', $templateid instead of...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

WordPress plugin Happy Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.7AI score0.00193EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

WordPress plugin Happy Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.9 views

PT-2026-24598

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the ha duplicate thing admin action handler. This is due to the can clone method only checking current user can'edit posts' a general capability...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/03/10 11:17 p.m.6 views

WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Post Duplication via 'postid' Parameter vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions = 3.21.0...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder