16 matches found
CVE-2024-35660
CVE-2024-35660 : A missing-authorizatio n vulnerability in Jewel Theme Master Addons for Elementor , affecting the plugin family “Master Addons for Elementor” versions from n/a up to 2.0.5.4.1. The connected documents provide the basic vulnerability type and affected range but do not disclose roo...
CVE-2024-5382
CVE-2024-5382 affects Master Addons – Free Widgets for Elementor (WordPress). A missing capability check on the ma-template REST API route allows unauthenticated attackers to create or modify Master Addons templates and related settings in all versions up to 2.0.6.1. The Red Hat advisory confirms...
CVE-2025-0433
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations WordPress plugin is vulnerable to Stored Cross-Site Scripting via the id parameter in versions up to 2.0.7.1. Exploitation requires authentication at Contributor level or higher and can in...
CVE-2024-4580
CVE-2024-4580 affects the Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor (WordPress). The vulnerability is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping in multiple parameters, making authenticated attac...
CVE-2024-29911
CVE-2024-29911 is an input handling flaw causing stored XSS in Master Addons for Elementor (Jewel Theme Master Addons). Affected: Master Addons for Elementor from n/a through 2.0.5.4.1. The connected documents confirm the issue type as Cross-Site Scripting due to improper input neutralization, bu...
CVE-2024-3134
CVE-2024-3134 affects Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor (WordPress). The issue is Stored Cross‑Site Scripting via the title_html_tag attribute in all versions up to 2.0.6.0, caused by insufficient input sanitization and output escaping. Impa...
CVE-2024-9502
CVE-2024-9502 : Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip module in all versions up to 2.0.6.7 due to insufficient input sanitization and output escaping on us...
CVE-2024-5542
CVE-2024-5542 affects Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor (Mega Menu) for WordPress. It is a Stored XSS via the Navigation Menu widget in the Mega Menu extension in all versions up to 2.0.6.1, caused by insufficient input sanitization and outp...
CVE-2024-4265
CVE-2024-4265 affects the Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the url parameter, attributed to insufficient input sanitization and output escaping. Exploitation req...
CVE-2024-33595
Technical details (exploit, impact, fixed version) for CVE-2024-33595 are not provided in the connected documents; the initial entry notes a missing authorization issue affecting Master Addons for Elementor up to 2.0.5.4.1. Monitor for updates.
CVE-2024-2139
CVE-2024-2139: The Master Addons for Elementor plugin (WordPress) Pricing Table widget is vulnerable to Stored Cross-Site Scripting in all versions up to 2.0.5.6 due to insufficient input sanitization and output escaping. The vulnerability permits authenticated attackers with contributor-level ac...
CVE-2024-35702
CVE-2024-35702 affects WordPress Master Addons for Elementor plugin (
CVE-2024-35688
WordPress Master Addons for Elementor plugin ( 2.0.5.9, specifically fixed in 2.0.6.0. Patch sources (Patchstack) note low exploit likelihood; no exploitation details provided in the document set. References include Patchstack entries indicating vulnerability and fix. Monitor for updates as detai...
CVE-2024-6282
CVE-2024-6282 affects Master Addons – Elementor Addons for WordPress. It is a Stored Cross-Site Scripting vulnerability in the data-jltma-wrapper-link attribute due to insufficient input sanitization and output escaping in all versions up to 2.0.6.4. Exploitation requires an authenticated user wi...
CVE-2024-9618
CVE-2024-9618: Master Addons for Elementor (WordPress) is affected by a Stored Cross-Site Scripting vulnerability in multiple widgets, present in all versions up to 2.0.7.2. Root cause is insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authen...
CVE-2024-38710
CVE-2024-38710 : Stored XSS in Master Addons for Elementor (WordPress plugin) up to version 2.0.6.2. Root cause: improper neutralization during web page generation. Affected: Master Addons for Elementor. Impact: authenticated users may inject script that could be stored and served to other users;...