CVE-2024-33595 – WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on Duplicate Post vulnerability
https://notcve.org/view.php?id=CVE-2024-33595
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. Vulnerabilidad de autorización faltante en Jewel Theme Master Addons for Elementor. Este problema afecta a los complementos maestros para Elementor: desde n/a hasta 2.0.5.4.1. The Master Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the jltma_duplicator_row_actions() function in versions up to, and including, 2.0.5.4.1. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate posts that may contain sensitive information. • https://patchstack.com/database/vulnerability/master-addons/wordpress-master-addons-for-elementor-plugin-2-0-5-4-1-broken-access-control-on-duplicate-post-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2024-29911 – WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29911
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Jewel Theme Master Addons for Elementor permite XSS almacenado. Este problema afecta a Master Addons para Elementor: desde n/a hasta 2.0.5.4.1. The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.5.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/master-addons/wordpress-master-addons-for-elementor-plugin-2-0-5-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-40679 – Master Addons for Elementor <= 2.0.5.3 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-40679
The Master Addons for Elementor plugin for WordPress is vulnerable to unauthorized functionality access due to a missing capability check on the jltma_rest_api_action REST API action in versions up to, and including, 2.0.5.3. This makes it possible for unauthenticated attackers to invoke methods intended for higher privileged users. • CWE-862: Missing Authorization •