Lucene search
K
Master-addonsMaster Addons

16 matches found

CVE
CVE
added 2024/06/09 11:56 a.m.85 views

CVE-2024-35660

CVE-2024-35660 : A missing-authorizatio n vulnerability in Jewel Theme Master Addons for Elementor , affecting the plugin family “Master Addons for Elementor” versions from n/a up to 2.0.5.4.1. The connected documents provide the basic vulnerability type and affected range but do not disclose roo...

9.8CVSS6.8AI score0.00397EPSS
CVE
CVE
added 2024/06/07 12:33 p.m.77 views

CVE-2024-5382

CVE-2024-5382 affects Master Addons – Free Widgets for Elementor (WordPress). A missing capability check on the ma-template REST API route allows unauthenticated attackers to create or modify Master Addons templates and related settings in all versions up to 2.0.6.1. The Red Hat advisory confirms...

6.5CVSS5.9AI score0.00319EPSS
CVE
CVE
added 2025/03/04 8:23 a.m.74 views

CVE-2025-0433

The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations WordPress plugin is vulnerable to Stored Cross-Site Scripting via the id parameter in versions up to 2.0.7.1. Exploitation requires authentication at Contributor level or higher and can in...

6.4CVSS5.8AI score0.00256EPSS
CVE
CVE
added 2024/05/16 11:33 a.m.67 views

CVE-2024-4580

CVE-2024-4580 affects the Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor (WordPress). The vulnerability is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping in multiple parameters, making authenticated attac...

6.4CVSS6AI score0.00329EPSS
CVE
CVE
added 2024/03/27 6:59 a.m.66 views

CVE-2024-29911

CVE-2024-29911 is an input handling flaw causing stored XSS in Master Addons for Elementor (Jewel Theme Master Addons). Affected: Master Addons for Elementor from n/a through 2.0.5.4.1. The connected documents confirm the issue type as Cross-Site Scripting due to improper input neutralization, bu...

6.5CVSS8.6AI score0.00343EPSS
CVE
CVE
added 2024/05/16 9:30 p.m.63 views

CVE-2024-3134

CVE-2024-3134 affects Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor (WordPress). The issue is Stored Cross‑Site Scripting via the title_html_tag attribute in all versions up to 2.0.6.0, caused by insufficient input sanitization and output escaping. Impa...

6.4CVSS6AI score0.00257EPSS
CVE
CVE
added 2025/01/07 6:40 a.m.61 views

CVE-2024-9502

CVE-2024-9502 : Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip module in all versions up to 2.0.6.7 due to insufficient input sanitization and output escaping on us...

6.4CVSS5.7AI score0.00373EPSS
CVE
CVE
added 2024/06/07 12:33 p.m.60 views

CVE-2024-5542

CVE-2024-5542 affects Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor (Mega Menu) for WordPress. It is a Stored XSS via the Navigation Menu widget in the Mega Menu extension in all versions up to 2.0.6.1, caused by insufficient input sanitization and outp...

7.2CVSS6.1AI score0.00307EPSS
CVE
CVE
added 2024/05/02 4:52 p.m.57 views

CVE-2024-4265

CVE-2024-4265 affects the Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the url parameter, attributed to insufficient input sanitization and output escaping. Exploitation req...

6.4CVSS6AI score0.00556EPSS
CVE
CVE
added 2024/04/29 9:16 a.m.55 views

CVE-2024-33595

Technical details (exploit, impact, fixed version) for CVE-2024-33595 are not provided in the connected documents; the initial entry notes a missing authorization issue affecting Master Addons for Elementor up to 2.0.5.4.1. Monitor for updates.

8.8CVSS5.1AI score0.00452EPSS
CVE
CVE
added 2024/03/27 1:56 a.m.54 views

CVE-2024-2139

CVE-2024-2139: The Master Addons for Elementor plugin (WordPress) Pricing Table widget is vulnerable to Stored Cross-Site Scripting in all versions up to 2.0.5.6 due to insufficient input sanitization and output escaping. The vulnerability permits authenticated attackers with contributor-level ac...

6.4CVSS6.1AI score0.0034EPSS
CVE
CVE
added 2024/06/08 2:15 p.m.51 views

CVE-2024-35702

CVE-2024-35702 affects WordPress Master Addons for Elementor plugin (

6.5CVSS6AI score0.00237EPSS
CVE
CVE
added 2024/06/08 2:41 p.m.46 views

CVE-2024-35688

WordPress Master Addons for Elementor plugin ( 2.0.5.9, specifically fixed in 2.0.6.0. Patch sources (Patchstack) note low exploit likelihood; no exploitation details provided in the document set. References include Patchstack entries indicating vulnerability and fix. Monitor for updates as detai...

6.5CVSS6AI score0.00262EPSS
CVE
CVE
added 2024/09/10 11:30 a.m.46 views

CVE-2024-6282

CVE-2024-6282 affects Master Addons – Elementor Addons for WordPress. It is a Stored Cross-Site Scripting vulnerability in the data-jltma-wrapper-link attribute due to insufficient input sanitization and output escaping in all versions up to 2.0.6.4. Exploitation requires an authenticated user wi...

5.4CVSS5.3AI score0.00303EPSS
CVE
CVE
added 2025/03/04 8:23 a.m.46 views

CVE-2024-9618

CVE-2024-9618: Master Addons for Elementor (WordPress) is affected by a Stored Cross-Site Scripting vulnerability in multiple widgets, present in all versions up to 2.0.7.2. Root cause is insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authen...

6.4CVSS5.8AI score0.0031EPSS
CVE
CVE
added 2024/07/20 7:29 a.m.45 views

CVE-2024-38710

CVE-2024-38710 : Stored XSS in Master Addons for Elementor (WordPress plugin) up to version 2.0.6.2. Root cause: improper neutralization during web page generation. Affected: Master Addons for Elementor. Impact: authenticated users may inject script that could be stored and served to other users;...

5.9CVSS5.8AI score0.0026EPSS