NotCVE - vendor:"Master Addons" product:"Master Addons"

9 results (0.004 seconds)

CVSS: 6.4EPSS: %CPEs: 1EXPL: 0

CVE-2024-52387 – Master Addons for Elementor <= 2.0.6.6 - Authenticated (Author+) Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2024-52387

The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-38710 – WordPress Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin <= 2.0.6.2 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-38710

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.6.2. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Jewel Theme Master Addons para Elementor permite XSS almacenado. Este problema afecta a Master Addons para Elementor: desde n/a hasta 2.0.6.2. The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/master-addons/wordpress-master-addons-free-widgets-hover-effects-toggle-conditions-animations-for-elementor-plugin-2-0-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-35688 – WordPress Master Addons for Elementor plugin <= 2.0.5.9 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-35688

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-5542 – Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget

https://notcve.org/view.php?id=CVE-2024-5542

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Los complementos Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor para WordPress son vulnerables a Cross-Site Scripting Almacenado a través del widget del menú de navegación de la extensión Mega Menú del complemento en todas las versiones hasta la 2.0.6.1 incluida debido a una sanitización insuficiente de las entradas y a que la salida se escape en los atributos proporcionados por el usuario. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://plugins.trac.wordpress.org/changeset/3096299/master-addons https://www.wordfence.com/threat-intel/vulnerabilities/id/5151f429-b1f3-43d4-94cf-3ff382b80190?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-5382 – Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

https://notcve.org/view.php?id=CVE-2024-5382

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it possible for unauthenticated attackers to create or modify existing Master Addons templates or make settings modifications related to these templates. Los complementos The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor para WordPress son vulnerables a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la ruta API REST 'ma-template' en todas las versiones hasta e incluyendo, 2.0.6.1. Esto hace posible que atacantes no autenticados creen o modifiquen plantillas de Master Addons existentes o realicen modificaciones de configuración relacionadas con estas plantillas. • https://plugins.trac.wordpress.org/changeset/3096299/master-addons https://www.wordfence.com/threat-intel/vulnerabilities/id/e3820f80-9b80-4672-b2ff-3864793d2de2?source=cve • CWE-862: Missing Authorization •

1 2