cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12852,https://securityvulnerability.io/vulnerability/CVE-2024-12852,Stored Cross-Site Scripting Vulnerability in Happy Addons for Elementor Plugin by WordPress,"The Happy Addons for Elementor plugin for WordPress has a vulnerability that allows authenticated attackers with Contributor-level access and above to exploit the 'ha_cmc_text' parameter. This vulnerability stems from inadequate input sanitization and output escaping, enabling attackers to inject arbitrary web scripts into pages. When users access these manipulated pages, the injected scripts are executed, potentially leading to further exploitation of the affected website.",Wordpress,Happy Addons For Elementor,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-08T06:41:38.203Z,0
CVE-2024-10538,https://securityvulnerability.io/vulnerability/CVE-2024-10538,Happy Addons for Elementor Plugin Vulnerable to Stored Cross-Site Scripting,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-12T03:24:59.169Z,0
CVE-2024-8801,https://securityvulnerability.io/vulnerability/CVE-2024-8801,Sensitive Information Exposure Vulnerability in Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including private, draft, and pending Elementor templates.",Wordpress,Happy Addons For Elementor,4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-09-25T01:15:00.000Z,0
CVE-2024-6627,https://securityvulnerability.io/vulnerability/CVE-2024-6627,Stored Cross-Site Scripting Vulnerability in Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-27T11:13:37.530Z,0
CVE-2024-5790,https://securityvulnerability.io/vulnerability/CVE-2024-5790,Stored Cross-Site Scripting Vulnerability in Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-06-29T07:05:38.700Z,0
CVE-2024-5041,https://securityvulnerability.io/vulnerability/CVE-2024-5041,Stored Cross-Site Scripting Vulnerability in Happy Addons Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-05-31T09:31:41.018Z,0
CVE-2024-5347,https://securityvulnerability.io/vulnerability/CVE-2024-5347,Stored Cross-Site Scripting Vulnerability in Happy Addons for Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-05-31T09:31:39.273Z,0
CVE-2024-5088,https://securityvulnerability.io/vulnerability/CVE-2024-5088,Stored Cross-Site Scripting Vulnerability Affects Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-05-18T11:35:59.688Z,0
CVE-2024-4865,https://securityvulnerability.io/vulnerability/CVE-2024-4865,Stored Cross-Site Scripting Vulnerability Affects Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-05-18T03:06:58.279Z,0
CVE-2024-4391,https://securityvulnerability.io/vulnerability/CVE-2024-4391,Stored Cross-Site Scripting Vulnerability in Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-05-16T08:32:50.995Z,0
CVE-2024-4478,https://securityvulnerability.io/vulnerability/CVE-2024-4478,Stored Cross-Site Scripting Vulnerability in Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-05-16T07:32:42.409Z,0
CVE-2024-3891,https://securityvulnerability.io/vulnerability/CVE-2024-3891,Stored Cross-Site Scripting Vulnerability in Happy Addons for Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is susceptible to a stored cross-site scripting vulnerability, which allows attackers with contributor-level access or higher to exploit improperly sanitized user input. This flaw enables the injection of arbitrary scripts through HTML tags in widgets, potentially affecting user sessions when a compromised page is accessed. The issue originates from inadequate input sanitization and output escaping of user-supplied attributes, posing a significant risk for the security of affected WordPress sites.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:31.149Z,0
CVE-2024-3724,https://securityvulnerability.io/vulnerability/CVE-2024-3724,Stored Cross-Site Scripting in Happy Addons for Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping within its Image Stack Group, Photo Stack, and Horizontal Timeline widgets. Authenticated attackers with contributor-level access can exploit this flaw to introduce arbitrary scripts into pages. When users access these manipulated pages, the scripts are executed, potentially compromising user data and site integrity. This vulnerability affects all versions of the plugin up to and including 3.10.4, underscoring the necessity for prompt updates and robust security practices.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2024-05-02T16:52:18.348Z,0
CVE-2024-3890,https://securityvulnerability.io/vulnerability/CVE-2024-3890,Stored Cross-Site Scripting Vulnerability in Happy Addons Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-26T08:15:00.000Z,0
CVE-2024-1498,https://securityvulnerability.io/vulnerability/CVE-2024-1498,Stored Cross-Site Scripting Vulnerability in Happy Addons for Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-04-09T18:59:33.337Z,0
CVE-2024-2787,https://securityvulnerability.io/vulnerability/CVE-2024-2787,Stored Cross-Site Scripting Vulnerability in Happy Addons Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:59:31.469Z,0
CVE-2024-2789,https://securityvulnerability.io/vulnerability/CVE-2024-2789,Stored Cross-Site Scripting Vulnerability in Happy Addons for Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:59:17.679Z,0
CVE-2024-1387,https://securityvulnerability.io/vulnerability/CVE-2024-1387,Unauthorized Access of Data in Elementor Plugin Due to Insufficient Authorization,"The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone arbitrary posts (including private and password protected ones) which may lead to information exposure.",Wordpress,Happy Addons For Elementor,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:59:14.618Z,0
CVE-2024-2788,https://securityvulnerability.io/vulnerability/CVE-2024-2788,Stored Cross-Site Scripting Vulnerability in Happy Addons for Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and lack of proper output escaping of user-supplied attributes in the Post Title HTML Tag. This vulnerability allows authenticated attackers, who have contributor-level access or higher, to inject arbitrary web scripts into pages. Consequently, these scripts execute whenever a user navigates to the compromised page, potentially leading to unauthorized actions and data exposure.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:58:56.837Z,0
CVE-2024-2786,https://securityvulnerability.io/vulnerability/CVE-2024-2786,Stored Cross-Site Scripting Vulnerability in Happy Addons for Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress includes a vulnerability that allows authenticated attackers with contributor-level access to exploit insufficient input sanitization and output escaping in the title_tag attribute across several widgets. This could enable the injection of arbitrary web scripts that execute when users access compromised pages, posing significant risks to website integrity and user trust.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-04-09T18:58:46.911Z,0
CVE-2024-1377,https://securityvulnerability.io/vulnerability/CVE-2024-1377,Stored Cross-Site Scripting Vulnerability in Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-07T05:32:40.450Z,0
CVE-2024-1366,https://securityvulnerability.io/vulnerability/CVE-2024-1366,Stored Cross-Site Scripting Vulnerability in Happy Addons for Elementor,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archive_title_tag’ attribute of the Archive Title widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-07T05:32:38.892Z,0
CVE-2024-0438,https://securityvulnerability.io/vulnerability/CVE-2024-0438,Stored Cross-Site Scripting in Happy Addons for Elementor Plugin for WordPress,"The Happy Addons for Elementor plugin for WordPress has a vulnerability that allows for Stored Cross-Site Scripting through the 'wrapper link' parameter in the Age Gate feature. This vulnerability arises from inadequate input sanitization and output escaping mechanisms. Authenticated attackers with contributor access or higher may exploit this flaw to inject malicious scripts into pages. As a result, any user accessing those compromised pages could unwittingly execute these scripts, posing significant security risks to the site's integrity and user data.",Wordpress,Happy Addons for Elementor,5.4,MEDIUM,0.0006900000153109431,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-0838,https://securityvulnerability.io/vulnerability/CVE-2024-0838,Stored Cross-Site Scripting Vulnerability in Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Happy Addons for Elementor,5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2023-6632,https://securityvulnerability.io/vulnerability/CVE-2023-6632,Reflected Cross-Site Scripting in Happy Addons for Elementor Plugin,"The Happy Addons for Elementor plugin for WordPress is affected by a reflected cross-site scripting vulnerability. This flaw arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary scripts into web pages. These scripts can execute on the browsers of users who are tricked into clicking malicious links, potentially leading to compromised accounts and stolen data. It is crucial for users of this plugin to update to the latest versions to mitigate the risk associated with this vulnerability.",Wordpress,"Happy Addons for Elementor Pro,Happy Addons for Elementor",6.1,MEDIUM,0.0007099999929778278,false,,false,false,false,,false,false,2024-01-11T08:32:27.224Z,0