GHSA-2XR4-CHCF-VMVF The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI

Impact The Query Monitor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'REQUESTURI' parameter in all versions up to, and including, 3.20.3 due to insufficient output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI

Impact The Query Monitor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'REQUESTURI' parameter in all versions up to, and including, 3.20.3 due to insufficient output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

PT-2026-26494

Name of the Vulnerable Software and Affected Versions Query Monitor versions prior to 3.20.4 Description The Query Monitor plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to...

CVE-2025-68999

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through = 3.20.4...

CVE-2025-68999

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through = 3.20.4...

CVE-2025-68999 WordPress Happy Addons for Elementor plugin <= 3.20.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through = 3.20.4...

PT-2026-4117

Name of the Vulnerable Software and Affected Versions Happy Addons for Elementor versions through 3.20.4 Description A flaw exists in Happy Addons for Elementor that allows for Blind SQL Injection. This is due to improper neutralization of special elements within SQL commands. The API endpoint is...