WordPress Plugin Vulnerabilities

Happy Addons for Elementor < 3.8.3 - Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions.

Affects Plugins

Plugin icon
happy-elementor-addons
Fixed in 3.8.3

References

CVE
CVE-2023-28989
URL
https://patchstack.com/database/vulnerability/happy-elementor-addons/wordpress-happy-addons-for-elementor-plugin-3-8-2-cross-site-request-forgery-csrf-on-collect-data-popup

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
fe292389-0b47-4fdf-9d58-1131ea17800a

Timeline

Publicly Published
2023-03-29 (about 3 years ago)
Added
2023-07-10 (about 2 years ago)
Last Updated
2023-07-10 (about 2 years ago)

Other

Published
Title
Published
2025-07-01
Title
Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate
Published
2022-10-02
Title
Shortcodes Ultimate < 5.12.1 - Settings Preset Update via CSRF
Published
2022-09-06
Title
Booking Calendar < 9.2.2 - Arbitrary Translation Update via CSRF
Published
2024-12-12
Title
Multiple Admin Emails <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2026-01-16
Title
The Guardian News Feed <= 1.2 - Cross-Site Request Forgery to Settings Update