13 matches found
Exploit for CVE-2025-68999
CVE-2025-68999 Happy Addons for Elementor = 3.20.4 —...
CVE-2026-2917
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...
CVE-2026-2918 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haconditionupdate AJAX action. This is due to the validatereqeust method using currentusercan'editposts', $templateid instead of...
CVE-2025-14635 Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hapagecustomjs' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2025-50077
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through = 3.20.2...
EUVD-2024-46572
Malicious code in bioql PyPI...
EUVD-2024-44024
Malicious code in bioql PyPI...
EUVD-2024-51153
Malicious code in bioql PyPI...
CVE-2024-1366
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archivetitletag’ attribute of the Archive Title widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-4865 Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
PT-2024-30769 · WordPress · Happy Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Happy Addons for Elementor plugin for WordPress versions up to and including 3.10.7 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Event Calendar widget, allowing...
CVE-2024-1377
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘authormetatag’ attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-0838
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...