cleantalk
Vulnerabilities and Security Researches

Master Addons for Elementor, CVE-2025-8874

CVE, Research URL

CVE-2025-8874

Home page URL

Security reports for Master Addons for Elementor

Application

Master Addons for Elementor

Published on
Aug 12, 2025
Research Description
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.0.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.0.9.1.
Status
vulnerable
Previous vulnerability researches
Supermalink (CVE-2025-49433) , Aug 02, 2025
New vulnerability
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (CVE-2025-54028) , Aug 13, 2025
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks (CVE-2025-54007) , Aug 13, 2025
WooCommerce Purchase Orders (CVE-2025-5391) , Aug 13, 2025
RentSyst – CRM solution for fleet management (CVE-2025-48152) , Aug 12, 2025
Mosaic Generator (CVE-2025-8621) , Aug 12, 2025