CVE-2024-3891
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 19,846 live websites that are affected by CVE-2024-3891.
Affected Software
| Product |  Happy Elementor Addons |
| Category | Wordpress Plugins |
| Vulnerable Domains | 19,846 live websites (30.85% of Happy Elementor Addons install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 103 versions ( 80.47% of all versions) |
Details
- Published - May 2, 2024
- Updated - Aug 1, 2024
Credits
- wesley (finder)
CVE References
CVE-2024-3891 usage by Country
 United States | 5,722 websites |
 Germany | 2,292 websites |
 Brazil | 1,618 websites |
 France | 1,303 websites |
 Poland | 865 websites |
 Cyprus | 806 websites |
 Russia | 607 websites |
 GB | 488 websites |
 Japan | 482 websites |
 Spain | 356 websites |
CVE-2024-3891 usage by TLD
| .com | 7,183 websites |
| .com.br | 2,327 websites |
| .de | 883 websites |
| .pl | 679 websites |
| .org | 671 websites |
| .fr | 485 websites |
| .ru | 457 websites |
| .net | 351 websites |
| .co.uk | 299 websites |
| .it | 290 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-3891
Top websites that are affected by CVE-2024-3891. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********************.com | United States | *,*** | |
| *********.com | United States | **,*** | |
| *******.org | United States | **,*** | |
| ******.net | United States | **,*** | |
| ********.**.il |  Israel | **,*** | |
| ******.org | United States | **,*** | |
| ********.com | United States | **,*** | |
| **********.jp | United States | ***,*** | |
| ************.com |  Austria | ***,*** | |
| **********.net | United States | ***,*** |
FAQ
A total of 19,846 websites have been identified as vulnerable to CVE-2024-3891, discovered through global website indexing conducted by WebTechSurvey.
Happy Elementor Addons is susceptible to CVE-2024-3891 vulnerability.
Happy Elementor Addons versions before, and including, 3.10.5 are vulnerable to CVE-2024-3891.