Stored Cross-Site Scripting Vulnerability in Master Addons Plugin for WordPress
CVE-2024-9618
Key Information:
- Vendor: WordPress
- CVE Published: 4 March 2025
Summary
The Master Addons plugin for WordPress contains a vulnerability that allows for Stored Cross-Site Scripting (XSS) through multiple widgets. This security flaw is present in all versions up to and including 2.0.7.2 and arises from inadequate input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor-level access or higher can exploit this issue to inject malicious web scripts into pages. These scripts will subsequently execute whenever a user accesses the compromised page, potentially leading to unauthorized actions or data exposure.
Affected Version(s)
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations * <= 2.0.7.2
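To check an installation against the affected range stated above, the following added example (not code from the plugin or from this advisory) reads the standard WordPress plugin header from a main plugin file and compares its `Version:` field with 2.0.7.2. The sample header text and the plugin name in it are constructed for illustration; the page names no fixed version, so anything above the bound is reported only as outside the stated range.

```python
import re

# Upper bound of the affected range as stated on this page (inclusive).
LAST_AFFECTED = "2.0.7.2"

# WordPress reads plugin metadata from a header comment in the main plugin file.
HEADER_FIELD = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)

# Constructed sample of a main plugin file header (not copied from the plugin).
SAMPLE_MAIN_FILE = """<?php
/**
 * Plugin Name: Master Addons for Elementor
 * Version: 2.0.7.2
 */
"""


def parse_header(php_source: str) -> dict:
    """Return the header fields found, keyed by lower-cased field name."""
    head = php_source[:8192]  # WordPress only scans the first 8 KB
    return {k.lower(): v.strip(" \t*/\r") for k, v in HEADER_FIELD.findall(head)}


def version_key(version: str) -> tuple:
    """Turn '2.0.7' into (2, 0, 7, 0) so short and long versions compare correctly."""
    parts = []
    for piece in version.split(".")[:4]:
        digits = re.match(r"\d+", piece)  # ignore suffixes such as '-beta1'
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts + [0] * (4 - len(parts)))


def assess(php_source: str) -> str:
    """Classify a plugin file against the affected range from this page."""
    version = parse_header(php_source).get("version")
    if not version:
        return "unknown"  # no Version header: inspect the install manually
    if version_key(version) <= version_key(LAST_AFFECTED):
        return "affected"
    return "outside stated range"


if __name__ == "__main__":
    print(parse_header(SAMPLE_MAIN_FILE), assess(SAMPLE_MAIN_FILE))
```
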