PLUGIN SECURITY
Is Happy Elementor Addons safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Happy Elementor Addons WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
happy-elementor-addons - Requires PHP: 7.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Happy Addons for Elementor [happy-elementor-addons] < 2.24.0 [CVE-2021-24292, Happy Addons for Elementor <= 2.23.0 & Pro Version < 1.17.0 - Stored Cross-Site Scripting, Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS]
- Happy Addons for Elementor [happy-elementor-addons] < 3.8.0 [CVE-2022-47150, WordPress Happy Addons for Elementor Plugin <= 3.7.2 is vulnerable to Cross Site Request Forgery (CSRF)]
- Happy Addons for Elementor [happy-elementor-addons] < 3.8.3 [CVE-2023-28989, WordPress Happy Addons for Elementor Plugin <= 3.8.2 is vulnerable to Cross Site Request Forgery (CSRF), Happy Addons for Elementor <= 3.8.2 - Cross-Site Request Forgery via handle_optin_optout(), Happy Addons for Elementor < 3.8.3 - Cross-Site Request Forgery]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.0 [CVE-2023-51676, WordPress Happy Addons for Elementor Plugin <= 3.9.1.1 is vulnerable to Server Side Request Forgery (SSRF), Happy Addons for Elementor <= 3.9.1.1 - Server Side Request Forgery, Happy Addons for Elementor < 3.10.0 - Contributor+ SSRF]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.0 [CVE-2023-6632, Happy Addons for Elementor <= 3.9.1.1 - Reflected Cross-Site Scripting, WordPress Happy Addons for Elementor Plugin <= 3.9.1.1 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor (Free < 3.10.0, Pro < 2.10.0) - Reflected Cross-Site Scripting]
+ 40 more known vulnerabilities
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.1 [Happy Elementor Addons <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.2 [CVE-2024-24833, Happy Addons for Elementor <= 3.10.1 - Missing Authorization via add_row_actions, WordPress Happy Addons for Elementor Plugin <= 3.10.1 is vulnerable to Broken Access Control, Happy Addons for Elementor < 3.10.2 - Missing Authorization via add_row_actions]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.2 [CVE-2024-0438, Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Happy Addons for Elementor Plugin <= 3.10.1 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor < 3.10.2 - Contributor+ Stored Cross-Site Scripting]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.2 [CVE-2024-0838, Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting, Happy Addons for Elementor < 3.10.2 - Contributor+ Stored Cross-Site Scripting]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.4 [CVE-2024-1377, Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Meta Widget, WordPress Happy Addons for Elementor Plugin <= 3.10.3 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor < 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Meta Widget]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.4 [CVE-2024-1366, Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget, WordPress Happy Addons for Elementor Plugin <= 3.10.3 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor < 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.2 [CVE-2024-29108, WordPress Happy Addons for Elementor Plugin <= 3.10.1 is vulnerable to Cross Site Scripting (XSS)]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.5 [CVE-2024-1387, Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure, WordPress Happy Addons for Elementor Plugin <= 3.10.4 is vulnerable to Sensitive Data Exposure]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.5 [CVE-2024-2789, Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.4 [CVE-2024-2786, Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.5 [CVE-2024-2788, Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.4 [CVE-2024-1498, Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.5 [CVE-2024-2787, Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.5 [CVE-2024-3724, Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.6 [CVE-2024-3891, Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags, WordPress Happy Addons for Elementor Plugin <= 3.10.5 is vulnerable to Cross Site Scripting (XSS)]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.5 [CVE-2024-32698, WordPress Happy Addons for Elementor Plugin <= 3.10.4 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.7 [CVE-2024-3890, Happy Addons for Elementor <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly Widget, WordPress Happy Addons for Elementor Plugin <= 3.10.6 is vulnerable to Cross Site Scripting (XSS)]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.8 [CVE-2024-4478, WordPress Happy Addons for Elementor Plugin <= 3.10.7 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group Widget]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.8 [CVE-2024-4391, Happy Addons for Elementor Authenticated (Contributor+) Stored-XSS <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.9 [CVE-2024-4865, Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter, WordPress Happy Addons for Elementor Plugin <= 3.10.8 is vulnerable to Cross Site Scripting (XSS)]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.9 [CVE-2024-5088, Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Happy Addons for Elementor [happy-elementor-addons] < 3.11.0 [CVE-2024-5041, Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion]
- Happy Addons for Elementor [happy-elementor-addons] < 3.11.0 [CVE-2024-5347, WordPress Happy Addons for Elementor Plugin <= 3.10.9 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget]
- Happy Addons for Elementor [happy-elementor-addons] < 3.11.2 [CVE-2024-5790, Happy Addons for Elementor <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget, WordPress Happy Addons for Elementor Plugin <= 3.11.1 is vulnerable to Cross Site Scripting (XSS)]
- Happy Addons for Elementor [happy-elementor-addons] < 3.10.1 [Happy Elementor Addons < 3.10.1 - Contributor+ Stored Cross-Site Scripting]
- Happy Addons for Elementor [happy-elementor-addons] < 3.11.3 [CVE-2024-6627, Happy Addons for Elementor <= 3.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget, WordPress Happy Addons for Elementor Plugin <= 3.11.2 is vulnerable to Cross Site Scripting (XSS)]
- Happy Addons for Elementor [happy-elementor-addons] < 3.12.3 [CVE-2024-8801, Happy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure, WordPress Happy Addons for Elementor Plugin <= 3.12.2 is vulnerable to Sensitive Data Exposure]
- Happy Addons for Elementor [happy-elementor-addons] < 3.12.1 [CVE-2024-47357, WordPress Happy Addons for Elementor Plugin <= 3.12.0 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor <= 3.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Happy Addons for Elementor [happy-elementor-addons] < 3.12.4 [CVE-2024-48045, WordPress Happy Addons for Elementor Plugin <= 3.12.3 is vulnerable to Broken Access Control, Happy Addons for Elementor <= 3.12.3 - Missing Authorization]
- Happy Addons for Elementor [happy-elementor-addons] < 3.12.6 [CVE-2024-10538, WordPress Happy Addons for Elementor Plugin <= 3.12.5 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor <= 3.12.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison]
- Happy Addons for Elementor [happy-elementor-addons] < 3.15.2 [CVE-2024-12852, WordPress Happy Addons for Elementor Plugin <= 3.15.1 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor <= 3.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting, EUVD-2024-51153]
- Happy Addons for Elementor [happy-elementor-addons] < 3.16.3 [CVE-2025-30766, Happy Addons for Elementor <= 3.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting, EUVD-2025-8407]
- Happy Addons for Elementor [happy-elementor-addons] < 3.12.3 [Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library, Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library, Magnific Popups JavaScript Library < 1.2.0 - Contributor+ Stored XSS, EUVD-2024-54725]
- Happy Addons for Elementor [happy-elementor-addons] < 3.20.4 [CVE-2025-63077, Happy Addons for Elementor <= 3.20.3 - Missing Authorization]
- Happy Addons for Elementor [happy-elementor-addons] < 3.20.4 [CVE-2025-14635, Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS]
- Happy Addons for Elementor [happy-elementor-addons] < 3.20.6 [CVE-2025-68999, Happy Addons for Elementor <= 3.20.4 - Authenticated (Contributor+) SQL Injection]
- Happy Addons for Elementor [happy-elementor-addons] < 3.21.1 [CVE-2026-2917, Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter]
- Happy Addons for Elementor [happy-elementor-addons] < 3.21.1 [CVE-2026-2918, Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions]
- Happy Addons for Elementor [happy-elementor-addons] < 3.20.8 [CVE-2026-1210, Happy Addons for Elementor <= 3.20.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_elementor_data' Meta Field]
- Happy Addons for Elementor [happy-elementor-addons] < 3.21.0 [CVE-2026-25468, Happy Addons for Elementor <= 3.20.8 - Unauthenticated Information Exposure]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Elementor Website Builder – more than just a page builder — 10000000+ active installs — max PHP 8.4
- Ultimate Addons for Elementor — 2000000+ active installs — max PHP 8.4
- Essential Addons for Elementor – Popular Elementor Templates & Widgets — 2000000+ active installs — max PHP 8.4
- Starter Templates – AI-Powered Templates for Elementor & Gutenberg — 1000000+ active installs — max PHP 8.4
- ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor — 1000000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.