CVE-2024-12852

Name of the Vulnerable Software and Affected Versions Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.15.1

Description The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages via the ha cmc text parameter of the Happy Mouse Cursor. These scripts will execute whenever a user accesses an injected page.

Recommendations For Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.15.1, update to a version higher than 3.15.1 to resolve the issue. As a temporary workaround, consider restricting access to the Happy Mouse Cursor feature until a patch is available. Avoid using the ha cmc text parameter in the affected plugin until the issue is resolved.