Plugin icon

Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits

master-addons

Vulnerabilities:

27

Last Updated:

June 22, 2026

Active Installs:

30000

Published
Title
Fixed in
CVSS
Published
2026-06-05
Title
Master Addons For Elementor < 3.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'jtlma_custom_js' Page Setting (Custom JS Extension)
Fixed in
Fixed in 3.1.1
CVSS
5.5 (medium)
Published
2026-04-30
Title
Freemius < 2.11.0 - Reflected DOM-Based XSS via url Parameter
Fixed in
Fixed in 2.0.7.3
CVSS
7.1 (high)
Published
2026-03-16
Title
Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits < 2.1.4 - Authenticated (Author+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.1.4
CVSS
5.5 (medium)
Published
2026-02-19
Title
Master Addons For Elementor < 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text'
Fixed in
Fixed in 2.1.2
CVSS
6.4 (medium)
Published
2025-12-31
Title
Master Addons for Elementor < 2.1.0 - Unauthenticated Insecure Direct Object Reference
Fixed in
Fixed in 2.1.0
CVSS
5.3 (medium)
Published
2025-12-05
Title
Master Addons for Elementor < 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.1.0
CVSS
6.4 (medium)
Published
2025-08-11
Title
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations < 2.0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox
Fixed in
Fixed in 2.0.9.1
CVSS
6.4 (medium)
Published
2025-07-15
Title
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations < 2.0.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.0.8.3
CVSS
6.4 (medium)
Published
2025-03-03
Title
Master Addons < 2.0.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Fixed in
Fixed in 2.0.7.3
CVSS
6.4 (medium)
Published
2025-03-03
Title
Master Addons < 2.0.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
Fixed in
Fixed in 2.0.7.2
CVSS
6.4 (medium)
Published
2025-01-06
Title
Master Addons -- Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip Module
Fixed in
Fixed in 2.0.6.8
CVSS
6.4 (medium)
Published
2024-11-11
Title
Master Addons for Elementor < 2.1.0 - Author+ Stored XSS
Fixed in
Fixed in 2.1.0
CVSS
5.9 (medium)
Published
2024-09-09
Title
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element
Fixed in
Fixed in 2.0.6.5
CVSS
5.4 (medium)
Published
2024-07-11
Title
Master Addons for Elementor < 2.0.6.3 - Authenticated (Author+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.0.6.3
CVSS
6.4 (medium)
Published
2024-06-06
Title
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.2 - Missing Authorization to MA Template Creation or Modification
Fixed in
Fixed in 2.0.6.2
CVSS
6.5 (medium)
Published
2024-06-06
Title
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget
Fixed in
Fixed in 2.0.6.2
CVSS
7.2 (high)
Published
2024-06-03
Title
Master Addons for Elementor < 2.0.5.6 - Missing Authorization via get_jltma_save_menuitem_settings()
Fixed in
Fixed in 2.0.5.6
CVSS
5.3 (medium)
Published
2024-05-16
Title
Master Addons for Elementor < 2.0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.0.6.1
CVSS
6.4 (medium)
Published
2024-05-15
Title
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.0.6.1
CVSS
6.4 (medium)
Published
2024-04-29
Title
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.0 - Contributor+ Stored Cross-Site Scripting
Fixed in
Fixed in 2.0.6.0
CVSS
6.4 (medium)
Published
2024-04-25
Title
Master Addons for Elementor < 2.0.5.6 - Missing Authorization on Duplicate Post
Fixed in
Fixed in 2.0.5.6
CVSS
4.3 (medium)
Published
2024-03-26
Title
Master Addons for Elementor < 2.0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget
Fixed in
Fixed in 2.0.5.7
CVSS
6.4 (medium)
Published
2024-03-25
Title
Master Addons for Elementor < 2.0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
Fixed in 2.0.5.6
CVSS
6.4 (medium)
Published
2023-10-11
Title
Master Addons for Elementor < 2.0.4 - Contributor+ Stored XSS
Fixed in
Fixed in 2.0.4
CVSS
5.9 (medium)
Published
2023-07-18
Title
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Fixed in
Fixed in 2.0.3
CVSS
6.1 (medium)
Published
2022-02-28
Title
Unauthorised AJAX Calls via Freemius
Fixed in
Fixed in 1.8.5
CVSS
4.3 (medium)
Published
2022-02-21
Title
Master Addons for Elementor < 1.8.2 - Reflected Cross-Site Scripting
Fixed in
Fixed in 1.8.2
CVSS
6.1 (medium)