cleantalk
Vulnerabilities and Security Researches

Master Addons for Elementor, CVE-2023-40679

CVE, Research URL

CVE-2023-40679

Home page URL

Security reports for Master Addons for Elementor

Application

Master Addons for Elementor

Published on
-
Research Description
The Master Addons for Elementor plugin for WordPress is vulnerable to unauthorized functionality access due to a missing capability check on the jltma_rest_api_action REST API action in versions up to, and including, 2.0.5.3. This makes it possible for unauthenticated attackers to invoke methods intended for higher privileged users.
Affected versions
max 2.0.5.3.
Status
vulnerable
Previous vulnerability researches
Master Addons for Elementor (CVE-2025-8874) , Aug 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025
Master Addons for Elementor (CVE-2024-5382) , Jun 08, 2024
Master Addons for Elementor (CVE-2024-35660) , Jun 08, 2024
Master Addons for Elementor (CVE-2024-5542) , Jun 08, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025