CVE-2026-25468

MEDIUM

WordPress Happy Addons for Elementor plugin <= 3.20.8 - Sensitive Data Exposure vulnerability

Title source: cna

Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8.

References (1)

Core 1

Core References

Vdb Entry vdb-entry

https://patchstack.com/database/wordpress/plugin/happy-elementor-addons/vulnerability/wordpress-happy-addons-for-elementor-plugin-3-20-8-sensitive-data-exposure-vulnerability?_s_id=cve

Scores

CVSS v3 5.3

EPSS 0.0001

EPSS Percentile 1.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-497

Status published

Products (1)

weDevs/Happy Addons for Elementor < 3.20.8

Published May 07, 2026

Tracked Since May 07, 2026