This vulnerability in HappyMonster Happy Addons for Elementor (<= 3.20.4) involves improper neutralization of special elements in SQL commands, enabling blind SQL injection attacks. An attacker with network access and low privileges can exploit this issue without user interaction, potentially compromising data confidentiality and causing limited denial of service. The CVSS v3.1 base score is 8.5, reflecting high severity with network attack vector, low attack complexity, and no user interaction required. The vulnerability results in a confidentiality breach without integrity impact and limited availability impact.

Successful exploitation could allow an attacker to extract sensitive information from the backend database (high confidentiality impact) and cause limited disruption to service availability. There is no indication of integrity compromise. The vulnerability requires low privileges but no user interaction, increasing its risk profile. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor vendor communications for updates. Until a fix is available, consider restricting access to the affected plugin functionality and applying web application firewall (WAF) rules to detect and block SQL injection attempts specific to this plugin.