{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T15:26:49.341","vulnerabilities":[{"cve":{"id":"CVE-2026-2918","sourceIdentifier":"security@wordfence.com","published":"2026-03-11T08:16:03.567","lastModified":"2026-04-22T21:27:27.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_condition_update` AJAX action. This is due to the `validate_reqeust()` method using `current_user_can('edit_posts', $template_id)` instead of `current_user_can('edit_post', $template_id)` — failing to perform object-level authorization. Additionally, the `ha_get_current_condition` AJAX action lacks a capability check. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify the display conditions of any published `ha_library` template. Because the `cond_to_html()` renderer outputs condition values into HTML attributes without proper escaping (using string concatenation instead of `esc_attr()`), an attacker can inject event handler attributes (e.g., `onmouseover`) that execute JavaScript when an administrator views the Template Conditions panel, resulting in Stored Cross-Site Scripting."},{"lang":"es","value":"El plugin Happy Addons para Elementor para WordPress es vulnerable a Referencia Directa a Objeto Insegura en todas las versiones hasta la 3.21.0, inclusive, a través de la acción AJAX 'ha_condition_update'. Esto se debe a que el método 'validate_reqeust()' usa 'current_user_can('edit_posts', $template_id)' en lugar de 'current_user_can('edit_post', $template_id)' — lo que impide realizar una autorización a nivel de objeto. Además, la acción AJAX 'ha_get_current_condition' carece de una verificación de capacidad. Esto hace posible que atacantes autenticados, con acceso de nivel Colaborador o superior, modifiquen las condiciones de visualización de cualquier plantilla 'ha_library' publicada. Debido a que el renderizador 'cond_to_html()' genera valores de condición en atributos HTML sin un escape adecuado (usando concatenación de cadenas en lugar de 'esc_attr()'), un atacante puede inyectar atributos de gestor de eventos (por ejemplo, 'onmouseover') que ejecutan JavaScript cuando un administrador ve el panel de Condiciones de Plantilla, lo que resulta en Cross-Site Scripting Almacenado."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.20.7/classes/condition-manager.php#L237","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.20.7/classes/condition-manager.php#L525","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/classes/condition-manager.php#L237","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/classes/condition-manager.php#L525","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3475242%40happy-elementor-addons%2Ftrunk&old=3463375%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1a3fe49b-cc0d-4b29-aae5-46307483b8d4?source=cve","source":"security@wordfence.com"}]}}]}