What is CVE-2021-24292?

CVE-2021-24292 is a vulnerability in Wedevs Happy Addons For Elementor, classified under Cross-site Scripting. Published 2021-05-17.

Is CVE-2021-24292 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Wedevs Happy Addons For Elementor

CVE-2021-24292

The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (45.0th percentile) — read the EPSS interpretation.

Affected products

Wedevs Happy Addons For Elementor — versions 2.24.0
Wedevs Happy Addons Pro For Elementor — versions 1.17.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

20142995/nuclei-templates

References

www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/ (x_refsource_MISC)
wpscan.com/vulnerability/0f20e098-8106-451f-9448-d35a79f03077 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-24292?: CVE-2021-24292 is a vulnerability in Wedevs Happy Addons For Elementor, classified under Cross-site Scripting. Published 2021-05-17.
Is CVE-2021-24292 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.