Stored XSS Vulnerability in Master Addons for Elementor by Liton Arefin
CVE-2024-52387

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Master Addons For Elementor
Vendor: CVE Published:; 20 February 2026

What is CVE-2024-52387?

A security flaw has been identified in the Master Addons for Elementor plugin developed by Liton Arefin, which allows for Stored Cross-site Scripting (XSS). This vulnerability arises from improper input neutralization during web page generation, enabling attackers to inject malicious scripts that could be executed in users' browsers. Affected versions include everything up to 2.0.9.9.4, making it crucial for site administrators to update to secure versions to mitigate these risks. For more details on this vulnerability, please refer to the Patchstack database.

Affected Version(s)

Master Addons for Elementor 0 <= 2.0.9.9.4

References

https://patchstack.com/database/Wordpress/Plugin/master-a...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Nov 11, 2024

Credit

Michael | Patchstack Bug Bounty Program

CVE-2024-52387 Data

JSON