CVE-2026-9281

The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jtlmacustomjs' Page Setting Custom JS Extension in all versions up to, and including, 3.1.0 due to insufficient input...

CVE-2026-9281

The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jtlmacustomjs' Page Setting Custom JS Extension in all versions up to, and including, 3.1.0 due to insufficient input...

CVE-2026-32462

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through = 2.1.3...

CVE-2026-32462

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through = 2.1.3...

CVE-2026-2486

The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maelbhtablebtntext' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-2486

The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maelbhtablebtntext' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2026-21010

Name of the Vulnerable Software and Affected Versions Master Addons For Elementor plugin for WordPress versions 2.1.1 and earlier Description The software is susceptible to a Stored Cross-Site Scripting issue because of inadequate input sanitization and output escaping. This allows authenticated...

PT-2026-21030

Name of the Vulnerable Software and Affected Versions Master Addons for Elementor versions through 2.0.9.9.4 Description A flaw exists in Master Addons for Elementor that allows for Stored Cross-site Scripting XSS. This issue arises from improper handling of user-supplied data during web page...

CVE-2025-63053 WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through = 2.0.9.9.4...

PT-2025-54353

Name of the Vulnerable Software and Affected Versions Jewel Theme Master Addons for Elementor versions through 2.0.9.9.4 Description A security issue exists in Master Addons for Elementor related to incorrectly configured access control security levels, allowing for authorization bypass through a...

CVE-2025-63055

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through = 2.0.9.9.4...

EUVD-2025-201974

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through = 2.0.9.9...

CVE-2025-63055

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through = 2.0.9.9.4...

PT-2025-50055

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through = 2.0.9.9...

EUVD-2025-24226

Malicious code in bioql PyPI...

CVE-2025-8874

CVE-2025-8874 concerns Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations for WordPress. It describes a Stored Cross-Site Scripting (XSS) vulnerability in several widgets due to insufficient input sanitization/output escaping. Affected version...

PT-2025-32634 · WordPress +1 · The Master Addons – Elementor Addons +1

Name of the Vulnerable Software and Affected Versions: Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress versions up to and including 2.0.8.6 Description: The plugin is susceptible to Stored Cross-Site Scripting due to...

WordPress Master Addons for Elementor plugin <= 2.0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via fancyBox vulnerability discovered by Webbernaut in WordPress Plugin Master Addons for Elementor versions = 2.0.9.0...

CVE-2024-38710

CVE-2024-38710 : Stored XSS in Master Addons for Elementor (WordPress plugin) up to version 2.0.6.2. Root cause: improper neutralization during web page generation. Affected: Master Addons for Elementor. Impact: authenticated users may inject script that could be stored and served to other users;...

CVE-2024-35702

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.6.0...