CVE-2024-38710 – WordPress Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin <= 2.0.6.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-38710
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Elementor: from n/a through 2.0.6.2.
The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/master-addons/wordpress-master-addons-free-widgets-hover-effects-toggle-conditions-animations-for-elementor-plugin-2-0-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35688 – WordPress Master Addons for Elementor plugin <= 2.0.5.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35688
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Elementor: from n/a through 2.0.5.9.
• https://patchstack.com/database/vulnerability/master-addons/wordpress-master-addons-for-elementor-plugin-2-0-5-9-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5542 – Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget
https://notcve.org/view.php?id=CVE-2024-5542
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://plugins.trac.wordpress.org/changeset/3096299/master-addons
• https://www.wordfence.com/threat-intel/vulnerabilities/id/5151f429-b1f3-43d4-94cf-3ff382b80190?source=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5382 – Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification
https://notcve.org/view.php?id=CVE-2024-5382
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it possible for unauthenticated attackers to create or modify existing Master Addons templates or make settings modifications related to these templates.
• https://plugins.trac.wordpress.org/changeset/3096299/master-addons
• https://www.wordfence.com/threat-intel/vulnerabilities/id/e3820f80-9b80-4672-b2ff-3864793d2de2?source=cve
• CWE-862: Missing Authorization
CVE-2024-35660 – WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability
https://notcve.org/view.php?id=CVE-2024-35660
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor. This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.
The Master Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_jltma_save_menuitem_settings function in versions up to, and including, 2.0.5.4.1. This makes it possible for unauthenticated attackers to update menu items.
• https://patchstack.com/database/vulnerability/master-addons/wordpress-master-addons-for-elementor-plugin-2-0-5-4-1-broken-access-control-on-api-vulnerability?_s_id=cve
• CWE-862: Missing Authorization