Stored Cross-Site Scripting Vulnerability in Happy Addons for Elementor Plugin
CVE-2024-2786

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Happy Addons For Elementor
Vendor: CVE Published:; 9 April 2024

What is CVE-2024-2786?

The Happy Addons for Elementor plugin for WordPress includes a vulnerability that allows authenticated attackers with contributor-level access to exploit insufficient input sanitization and output escaping in the title_tag attribute across several widgets. This could enable the injection of arbitrary web scripts that execute when users access compromised pages, posing significant risks to website integrity and user trust.

Affected Version(s)

Happy Addons for Elementor * <= 3.10.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/happy-elemento...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Mar 21, 2024

Credit

wesley