Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

Happy Addons for Elementor — Vulnerabilities & Security Advisories 40

All 40 CVE vulnerabilities found in Happy Addons for Elementor, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities affecting the Happy Addons for Elementor WordPress plugin. It aggregates known weaknesses related to the software, categorized by Common Weakness Enumeration (CWE) types such as cross-site scripting and improper access control. The collection covers advisory disclosures and security incidents reported between January 2021 and December 2024. Here, security professionals and site administrators can track the vendor's history of addressing these issues, understand the specific risk profiles associated with the plugin’s architecture, and review the chronological history of exploits. The data serves as a resource for assessing the overall security posture of the Happy Addons ecosystem without promoting any specific vendor narrative. By consolidating disparate reports into a single view, this page facilitates a deeper analysis of recurring flaws and the efficacy of past patch cycles. Users may explore how different vulnerability classes interact within the plugin’s feature set and evaluate the timeline of remediation efforts. This approach supports informed decision-making regarding plugin usage, update schedules, and risk mitigation strategies for websites relying on this Elementor addon. The information provided is intended strictly for technical assessment and does not constitute an endorsement or condemnation of the product’s overall quality.

Vendor: weDevs

CVE IDTitleCVSSSeverityPublished
CVE-2026-25468 WordPress Happy Addons for Elementor plugin <= 3.20.8 - Sensitive Data Exposure vulnerability CWE-497 5.3 Medium2026-05-07
CVE-2026-2917 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter CWE-639 5.4 Medium2026-03-11
CVE-2026-2918 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions CWE-639 6.4 Medium2026-03-11
CVE-2026-1210 Happy Addons for Elementor <= 3.20.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_elementor_data' Meta Field CWE-79 6.4 Medium2026-02-03
CVE-2025-68999 WordPress Happy Addons for Elementor plugin <= 3.20.4 - SQL Injection vulnerability CWE-89 8.5 High2026-01-22
CVE-2025-14635 Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS CWE-79 6.4 Medium2025-12-23
CVE-2025-63077 WordPress Happy Addons for Elementor plugin <= 3.20.3 - Broken Access Control vulnerability CWE-862 4.3 Medium2025-12-09
CVE-2025-30766 WordPress Happy Addons for Elementor plugin <= 3.16.2 - Cross Site Scripting (XSS) Vulnerability CWE-79 6.5 Medium2025-03-27
CVE-2024-12852 Happy Addons for Elementor <= 3.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-01-08
CVE-2024-10538 Happy Addons for Elementor <= 3.12.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison CWE-79 6.4 Medium2024-11-12
CVE-2024-48045 WordPress Happy Elementor Addons plugin <= 3.12.3 - Broken Access Control vulnerability CWE-862 4.3 Medium2024-11-01
CVE-2024-47357 WordPress Happy Addons for Elementor plugin <= 3.12.0 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2024-10-06
CVE-2024-8801 Happy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure CWE-200 4.3 Medium2024-09-24
CVE-2024-6627 Happy Addons for Elementor <= 3.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget CWE-79 6.4 Medium2024-07-27
CVE-2024-5790 Happy Addons for Elementor <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget CWE-79 6.4 Medium2024-06-29
CVE-2024-5041 Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion CWE-79 6.4 Medium2024-05-31
CVE-2024-5347 Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget CWE-79 6.4 Medium2024-05-31
CVE-2024-5088 Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-05-18
CVE-2024-4865 Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter CWE-79 6.4 Medium2024-05-18
CVE-2024-4391 Happy Addons for Elementor Authenticated (Contributor+) Stored-XSS <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget CWE-79 6.4 Medium2024-05-16
CVE-2024-4478 Happy Addons for Elementor <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group Widget CWE-79 6.4 Medium2024-05-16
CVE-2024-24833 WordPress Happy Addons for Elementor plugin <= 3.10.1 - Broken Access Control on Post Clone vulnerability CWE-862 4.3 Medium2024-05-08
CVE-2024-3891 Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags CWE-79 6.4 Medium2024-05-02
CVE-2024-3724 Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline CWE-79 6.4 Medium2024-05-02
CVE-2024-3890 Happy Addons for Elementor <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly Widget CWE-79 6.4 Medium2024-04-26
CVE-2024-32698 WordPress Happy Addons for Elementor plugin <= 3.10.4 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2024-04-22
CVE-2024-1498 Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget CWE-79 6.4 Medium2024-04-09
CVE-2024-2787 Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag CWE-79 6.4 Medium2024-04-09
CVE-2024-2789 Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy CWE-79 6.4 Medium2024-04-09
CVE-2024-1387 Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure CWE-862 4.3 Medium2024-04-09

All 40 known CVE vulnerabilities affecting Happy Addons for Elementor with full Chinese analysis, references, and POCs where available.