Stored Cross-Site Scripting Vulnerability in Master Addons for Elementor by WordPress
CVE-2025-5284

6.4MEDIUM

Key Information:

Vendor

WordPress
Status
Master Addons – Elementor Addons With White Label, Free Widgets, Hover Effects, Conditions, & Animations
Vendor
CVE Published:
16 July 2025

What is CVE-2025-5284?

The Master Addons plugin for WordPress, specifically the Custom JS extension, is susceptible to Stored Cross-Site Scripting. This vulnerability arises from inadequate capability restrictions and poor input sanitization and output escaping. Authenticated attackers with Contributor-level access can exploit this weakness to inject arbitrary scripts into pages. Such scripts are executed when users visit the compromised pages, potentially leading to serious security breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations * <= 2.0.8.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/master-addons/...
https://plugins.trac.wordpress.org/changeset/3325322/

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

D.Sim
JSON
.