CVSS: 6.4EPSS: 0%CPEs: 14EXPL: 0CVE-2024-5647 – Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library
https://notcve.org/view.php?id=CVE-2024-5647
02 Jul 2025 — Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was fixed in the upstream library (Magnifi... • https://www.wordfence.com/threat-intel/vulnerabilities/id/dae80fc2-3076-4a32-876d-5df1c62de9bd?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12852 – Happy Addons for Elementor <= 3.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-12852
07 Jan 2025 — The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_cmc_text' parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset/3212495/happy-elementor-addons/tags/3.15.2/assets/js/custom-mouse-cursor.js • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10538 – Happy Addons for Elementor <= 3.12.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison
https://notcve.org/view.php?id=CVE-2024-10538
11 Nov 2024 — The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3182100%40happy-elementor-addons&new=3182100%40happy-elementor-addons&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8801 – Happy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure
https://notcve.org/view.php?id=CVE-2024-8801
23 Sep 2024 — The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including private, draft, and pending Elementor templates. • https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/widgets/content-switcher/widget.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6627 – Happy Addons for Elementor <= 3.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget
https://notcve.org/view.php?id=CVE-2024-6627
26 Jul 2024 — The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/widgets/pdf-view/widget.php#L587 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5790 – Happy Addons for Elementor <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget
https://notcve.org/view.php?id=CVE-2024-5790
28 Jun 2024 — The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Happy Addons para Elementor para... • https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.11.0/widgets/gradient-heading/widget.php#L260 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5347 – Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget
https://notcve.org/view.php?id=CVE-2024-5347
30 May 2024 — The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Hap... • https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.9/widgets/post-navigation/widget.php#L588 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5041 – Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion
https://notcve.org/view.php?id=CVE-2024-5041
30 May 2024 — The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Happy Addons para Elementor para WordPress es vulnerable a ... • https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/widgets/image-accordion/widget.php#L1462 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4865 – Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter
https://notcve.org/view.php?id=CVE-2024-4865
17 May 2024 — The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Happy Addons for Elementor para WordPress es vulnerable a cross site scripti... • https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/widgets/skills/widget.php#L359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5088 – Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-5088
17 May 2024 — The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Happy Addons for Elementor para WordPress es vulnerable a cross site scripti... • https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/widgets/skills/widget.php#L360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •