Happy
Monthly
Broken access control in the HAPPY WordPress helpdesk and support ticket plugin (versions through 1.0.10) by VillaTheme permits unauthenticated remote attackers to invoke restricted plugin functionality without any authorization check. The vulnerability stems from missing authorization gates on plugin endpoints, classified under CWE-862, enabling limited integrity and availability impact against affected WordPress installations. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.
Broken access control in the HAPPY WordPress helpdesk and support ticket plugin (versions through 1.0.10) by VillaTheme permits unauthenticated remote attackers to invoke restricted plugin functionality without any authorization check. The vulnerability stems from missing authorization gates on plugin endpoints, classified under CWE-862, enabling limited integrity and availability impact against affected WordPress installations. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.