Name of the Vulnerable Software and Affected Versions:

Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.15.1

Description:

The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages via the `ha cmc text` parameter of the Happy Mouse Cursor. These scripts will execute whenever a user accesses an injected page.

Recommendations:

For Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.15.1, update to a version higher than 3.15.1 to resolve the issue.

As a temporary workaround, consider restricting access to the Happy Mouse Cursor feature until a patch is available.

Avoid using the `ha cmc text` parameter in the affected plugin until the issue is resolved.