Thehappymonster Happy Addons For Elementor
30 CVEs affecting Thehappymonster Happy Addons For Elementor. Latest disclosed: 2026-03-11. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-2918 | Medium | 6.4 | 2026-03-11 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_… |
CVE-2026-1210 | Medium | 6.4 | 2026-02-03 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_elementor_data' meta field in all versions up to, an… |
CVE-2025-14635 | Medium | 6.4 | 2025-12-23 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_page_custom_js' parameter in all versions up to, a… |
CVE-2024-5647 | Medium | 6.4 | 2025-07-03 | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versio… |
CVE-2024-12852 | Medium | 6.4 | 2025-01-08 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_cmc_text' parameter of the Happy Mouse Cursor in a… |
CVE-2024-10538 | Medium | 6.4 | 2024-11-12 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget… |
CVE-2024-6627 | Medium | 6.4 | 2024-07-27 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and in… |
CVE-2024-5790 | Medium | 6.4 | 2024-06-29 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading w… |
CVE-2024-5041 | Medium | 6.4 | 2024-05-31 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to… |
CVE-2024-5347 | Medium | 6.4 | 2024-05-31 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation… |
CVE-2024-5088 | Medium | 6.4 | 2024-05-18 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including… |
CVE-2024-4865 | Medium | 6.4 | 2024-05-18 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including… |
CVE-2024-4391 | Medium | 6.4 | 2024-05-16 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to… |
CVE-2024-4478 | Medium | 6.4 | 2024-05-16 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and in… |
CVE-2024-3891 | Medium | 6.4 | 2024-05-02 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including… |
CVE-2024-3724 | Medium | 6.4 | 2024-05-02 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Stack Group, Photo Stack, & Horizontal… |
CVE-2024-3890 | Medium | 6.4 | 2024-04-26 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including… |
CVE-2024-1498 | Medium | 6.4 | 2024-04-09 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and… |
CVE-2024-2787 | Medium | 6.4 | 2024-04-09 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and includi… |
CVE-2024-2789 | Medium | 6.4 | 2024-04-09 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and inc… |