Lucene search
K

6 matches found

CVE
CVE
added 2026/06/06 1:26 a.m.27 views

CVE-2026-9281

The CVE-2026-9281 affects the WordPress plugin Master Addons For Elementor (Widgets/Extensions/Theme Builder/Popup Builder & Template Kits). Vulnerable component: the jtlma_custom_js (Custom JS Extension) page-setting storage, where insufficient input sanitization and output escaping allow a stor...

6.4CVSS5.7AI score0.00214EPSS
Exploits0References8
CVE
CVE
added 2026/02/20 11:26 a.m.35 views

CVE-2026-2486

CVE-2026-2486 concerns the WordPress plugin Master Addons For Elementor. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) via the parameter ma_el_bh_table_btn_text in versions up to and including 2.1.1, caused by insufficient input sanitization and output escaping. The exposure all...

6.4CVSS5.7AI score0.00152EPSS
Exploits0References2
CVE
CVE
added 2024/06/08 2:15 p.m.53 views

CVE-2024-35702

CVE-2024-35702 affects WordPress Master Addons for Elementor plugin (

6.5CVSS6AI score0.00237EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/29 10:15 a.m.17 views

CVE-2024-33595

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1...

8.8CVSS4.7AI score0.00452EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.7 views

WordPress Master Addons for Elementor Plugin < 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Master Addons for Elementor Type Plugin Vulnerable versions 2.0.3 Fixed in 2.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1cb661f3de8e Credits Rafie Muhammad...

6.9AI score0.00284EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/03/14 2:41 p.m.22 views

CVE-2022-0327 Master Addons for Elementor < 1.8.2 - Reflected Cross-Site Scripting

The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the errormessage parameter before outputting it back in the response of the jltmarestrictcontent AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scriptin...

6.3AI score0.00783EPSS
Exploits2References1
Rows per page
Query Builder