WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Happy Elementor Addons safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Happy Elementor Addons WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: happy-elementor-addons
  • Requires PHP: 7.4+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Happy Addons for Elementor [happy-elementor-addons] < 2.24.0 [CVE-2021-24292, Happy Addons for Elementor <= 2.23.0 & Pro Version < 1.17.0 - Stored Cross-Site Scripting, Happy Addons for Elementor Free &lt; 2.24.0 and Pro &lt; 1.17.0 - Contributor+ Stored XSS]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.8.0 [CVE-2022-47150, WordPress Happy Addons for Elementor Plugin <= 3.7.2 is vulnerable to Cross Site Request Forgery (CSRF)]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.8.3 [CVE-2023-28989, WordPress Happy Addons for Elementor Plugin <= 3.8.2 is vulnerable to Cross Site Request Forgery (CSRF), Happy Addons for Elementor <= 3.8.2 - Cross-Site Request Forgery via handle_optin_optout(), Happy Addons for Elementor &lt; 3.8.3 - Cross-Site Request Forgery]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.0 [CVE-2023-51676, WordPress Happy Addons for Elementor Plugin <= 3.9.1.1 is vulnerable to Server Side Request Forgery (SSRF), Happy Addons for Elementor <= 3.9.1.1 - Server Side Request Forgery, Happy Addons for Elementor &lt; 3.10.0 - Contributor+ SSRF]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.0 [CVE-2023-6632, Happy Addons for Elementor <= 3.9.1.1 - Reflected Cross-Site Scripting, WordPress Happy Addons for Elementor Plugin <= 3.9.1.1 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor (Free &lt; 3.10.0, Pro &lt; 2.10.0) - Reflected Cross-Site Scripting]
+ 40 more known vulnerabilities
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.1 [Happy Elementor Addons <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.2 [CVE-2024-24833, Happy Addons for Elementor <= 3.10.1 - Missing Authorization via add_row_actions, WordPress Happy Addons for Elementor Plugin <= 3.10.1 is vulnerable to Broken Access Control, Happy Addons for Elementor &lt; 3.10.2 - Missing Authorization via add_row_actions]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.2 [CVE-2024-0438, Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Happy Addons for Elementor Plugin <= 3.10.1 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor &lt; 3.10.2 - Contributor+ Stored Cross-Site Scripting]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.2 [CVE-2024-0838, Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting, Happy Addons for Elementor &lt; 3.10.2 - Contributor+ Stored Cross-Site Scripting]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.4 [CVE-2024-1377, Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Meta Widget, WordPress Happy Addons for Elementor Plugin <= 3.10.3 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor &lt; 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Meta Widget]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.4 [CVE-2024-1366, Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget, WordPress Happy Addons for Elementor Plugin <= 3.10.3 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor &lt; 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.2 [CVE-2024-29108, WordPress Happy Addons for Elementor Plugin <= 3.10.1 is vulnerable to Cross Site Scripting (XSS)]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.5 [CVE-2024-1387, Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure, WordPress Happy Addons for Elementor Plugin <= 3.10.4 is vulnerable to Sensitive Data Exposure]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.5 [CVE-2024-2789, Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.4 [CVE-2024-2786, Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.5 [CVE-2024-2788, Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.4 [CVE-2024-1498, Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.5 [CVE-2024-2787, Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.5 [CVE-2024-3724, Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.6 [CVE-2024-3891, Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags, WordPress Happy Addons for Elementor Plugin <= 3.10.5 is vulnerable to Cross Site Scripting (XSS)]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.5 [CVE-2024-32698, WordPress Happy Addons for Elementor Plugin <= 3.10.4 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.7 [CVE-2024-3890, Happy Addons for Elementor <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly Widget, WordPress Happy Addons for Elementor Plugin <= 3.10.6 is vulnerable to Cross Site Scripting (XSS)]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.8 [CVE-2024-4478, WordPress Happy Addons for Elementor Plugin <= 3.10.7 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group Widget]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.8 [CVE-2024-4391, Happy Addons for Elementor Authenticated (Contributor+) Stored-XSS <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.9 [CVE-2024-4865, Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter, WordPress Happy Addons for Elementor Plugin <= 3.10.8 is vulnerable to Cross Site Scripting (XSS)]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.9 [CVE-2024-5088, Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.11.0 [CVE-2024-5041, Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.11.0 [CVE-2024-5347, WordPress Happy Addons for Elementor Plugin <= 3.10.9 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.11.2 [CVE-2024-5790, Happy Addons for Elementor <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget, WordPress Happy Addons for Elementor Plugin <= 3.11.1 is vulnerable to Cross Site Scripting (XSS)]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.10.1 [Happy Elementor Addons &lt; 3.10.1 - Contributor+ Stored Cross-Site Scripting]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.11.3 [CVE-2024-6627, Happy Addons for Elementor <= 3.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget, WordPress Happy Addons for Elementor Plugin <= 3.11.2 is vulnerable to Cross Site Scripting (XSS)]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.12.3 [CVE-2024-8801, Happy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure, WordPress Happy Addons for Elementor Plugin <= 3.12.2 is vulnerable to Sensitive Data Exposure]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.12.1 [CVE-2024-47357, WordPress Happy Addons for Elementor Plugin <= 3.12.0 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor <= 3.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.12.4 [CVE-2024-48045, WordPress Happy Addons for Elementor Plugin <= 3.12.3 is vulnerable to Broken Access Control, Happy Addons for Elementor <= 3.12.3 - Missing Authorization]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.12.6 [CVE-2024-10538, WordPress Happy Addons for Elementor Plugin <= 3.12.5 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor <= 3.12.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.15.2 [CVE-2024-12852, WordPress Happy Addons for Elementor Plugin <= 3.15.1 is vulnerable to Cross Site Scripting (XSS), Happy Addons for Elementor <= 3.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting, EUVD-2024-51153]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.16.3 [CVE-2025-30766, Happy Addons for Elementor <= 3.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting, EUVD-2025-8407]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.12.3 [Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library, Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library, Magnific Popups JavaScript Library &lt; 1.2.0 - Contributor+ Stored XSS, EUVD-2024-54725]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.20.4 [CVE-2025-63077, Happy Addons for Elementor <= 3.20.3 - Missing Authorization]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.20.4 [CVE-2025-14635, Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.20.6 [CVE-2025-68999, Happy Addons for Elementor <= 3.20.4 - Authenticated (Contributor+) SQL Injection]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.21.1 [CVE-2026-2917, Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.21.1 [CVE-2026-2918, Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.20.8 [CVE-2026-1210, Happy Addons for Elementor <= 3.20.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_elementor_data' Meta Field]
  • Happy Addons for Elementor [happy-elementor-addons] < 3.21.0 [CVE-2026-25468, Happy Addons for Elementor <= 3.20.8 - Unauthenticated Information Exposure]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.