Happy Addons for Elementor < 3.10.2 – Contributor+ Stored Cross-Site Scripting | CVE 2024-0838

Affects Plugins

happy-elementor-addons

Fixed in 3.10.2

References

CVE

CVE-2024-0838

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/d55bab2a-5e2e-440e-b4fa-03853679ba22

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

wesley (wcraft)

Verified

No

WPVDB ID

bf5c24ca-b240-492c-93cd-cad96d63daaa

Timeline

Publicly Published

2024-02-13 (about 2 years ago)

Added

2024-02-15 (about 2 years ago)

Last Updated

2024-02-15 (about 2 years ago)

Other

Published

Title

Published

2025-03-29

Title

Cost Calculator Builder < 3.2.66 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2017-01-17

Title

Moreads Se < 1.4.7 - XSS

Published

2016-09-21

Title

W3 Total Cache < 0.9.5 - Authenticated Reflected Cross-Site Scripting (XSS)

Published

2023-08-23

Title

Leyka < 3.30.4 - Admin+ Stored XSS

Published

2023-12-27

Title

Stock Ticker < 3.23.5 - Authenticated (Contributor+) Stored Cross-Site Scritping