cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for master-addons
Jun 07, 2024

Master Addons for Elementor # CVE-2024-2139

CVE, Research URL

CVE-2024-2139

Date
Mar 27, 2024
Research Description
The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in all versions up to, and including, 2.0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Master Addons for Elementor # CVE-2024-33595

CVE, Research URL

CVE-2024-33595

Date
Apr 29, 2024
Research Description
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor. This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.
Affected versions
Min -, max -.
Status
vulnerable

Master Addons for Elementor # CVE-2024-4265

CVE, Research URL

CVE-2024-4265

Date
May 02, 2024
Research Description
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Master Addons for Elementor # CVE-2024-4580

CVE, Research URL

CVE-2024-4580

Date
May 16, 2024
Research Description
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Master Addons for Elementor # CVE-2024-3134

CVE, Research URL

CVE-2024-3134

Date
May 17, 2024
Research Description
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Master Addons for Elementor # CVE-2022-0327

CVE, Research URL

CVE-2022-0327

Date
Mar 14, 2022
Research Description
The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting.
Affected versions
Min -, max -.
Status
vulnerable

Master Addons for Elementor # CVE-2024-29911

CVE, Research URL

CVE-2024-29911

Date
Mar 27, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.
Affected versions
Min -, max -.
Status
vulnerable
Jun 08, 2024

Master Addons for Elementor # CVE-2024-5382

CVE, Research URL

CVE-2024-5382

Date
Jun 07, 2024
Research Description
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it possible for unauthenticated attackers to create or modify existing Master Addons templates or make settings modifications related to these templates.
Affected versions
Min -, max -.
Status
vulnerable

Master Addons for Elementor # CVE-2024-35660

CVE, Research URL

CVE-2024-35660

Date
Jun 09, 2024
Research Description
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor. This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.
Affected versions
Min -, max -.
Status
vulnerable

Master Addons for Elementor # CVE-2024-5542

CVE, Research URL

CVE-2024-5542

Date
Jun 07, 2024
Research Description
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable
Jun 10, 2024

Master Addons for Elementor # CVE-2023-40679

CVE, Research URL

CVE-2023-40679

Date
-
Research Description
The Master Addons for Elementor plugin for WordPress is vulnerable to unauthorized functionality access due to a missing capability check on the jltma_rest_api_action REST API action in versions up to, and including, 2.0.5.3. This makes it possible for unauthenticated attackers to invoke methods intended for higher privileged users.
Affected versions
Min -, max -.
Status
vulnerable
Jul 15, 2024

Master Addons for Elementor # CVE-2024-38710

CVE, Research URL

CVE-2024-38710

Date
Jul 20, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Elementor: from n/a through 2.0.6.2.
Affected versions
Min -, max -.
Status
vulnerable
Jul 23, 2024

Master Addons for Elementor # CVE-2024-35702

CVE, Research URL

CVE-2024-35702

Date
Jun 08, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Elementor: from n/a through 2.0.6.0.
Affected versions
Min -, max -.
Status
vulnerable

Master Addons for Elementor # CVE-2024-35688

CVE, Research URL

CVE-2024-35688

Date
Jun 08, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Elementor: from n/a through 2.0.5.9.
Affected versions
Min -, max -.
Status
vulnerable
Sep 11, 2024

Master Addons for Elementor # CVE-2024-6282

CVE, Research URL

CVE-2024-6282

Date
Sep 10, 2024
Research Description
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element in all versions up to, and including, 2.0.6.4 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user clicks on the injected link.
Affected versions
Min -, max -.
Status
vulnerable
Nov 15, 2024

Master Addons for Elementor # CVE-2022-4974

CVE, Research URL

CVE-2022-4974

Date
Oct 16, 2024
Research Description
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including, 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions
Min -, max -.
Status
vulnerable

Master Addons for Elementor # CVE-2024-52387

CVE, Research URL

CVE-2024-52387

Date
-
Research Description
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations [master-addons] <= 2.0.7.5 (unfixed) CVE-2024-52387
Affected versions
Min -, max -.
Status
vulnerable
Jan 08, 2025

Master Addons for Elementor # CVE-2024-9502

CVE, Research URL

CVE-2024-9502

Date
Jan 07, 2025
Research Description
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Tooltip module in all versions up to, and including, 2.0.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable
Mar 05, 2025

Master Addons for Elementor # CVE-2024-9618

CVE, Research URL

CVE-2024-9618

Date
Mar 04, 2025
Research Description
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.0.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

Master Addons for Elementor # CVE-2025-0433

CVE, Research URL

CVE-2025-0433

Date
Mar 04, 2025
Research Description
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable
Jul 20, 2025

Master Addons for Elementor # CVE-2025-5284

CVE, Research URL

CVE-2025-5284

Date
Jul 16, 2025
Research Description
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS extension in all versions up to, and including, 2.0.8.2 due to insufficient capability restriction, and insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable