Filtered by vendor Leevio
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6627 | 1 Leevio | 1 Happy Addons For Elementor | 2025-02-06 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-24833 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-08 | 4.3 Medium |
| Missing Authorization vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.10.1. | ||||
| CVE-2024-32698 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-08 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.4. | ||||
| CVE-2024-29108 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-08 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.1. | ||||
| CVE-2024-1366 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archive_title_tag’ attribute of the Archive Title widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-1377 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-1387 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 4.3 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone arbitrary posts (including private and password protected ones) which may lead to information exposure. | ||||
| CVE-2024-1498 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2786 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 5.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the title_tag attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2787 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2788 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2789 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-3890 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-3724 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Stack Group, Photo Stack, & Horizontal Timeline widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-3891 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-4478 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-4391 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-4865 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-5088 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-5041 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | 6.4 Medium |
| The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||