Master Addons for Elementor

Liton Arefin

Developer

2.0.9.9

Latest version

40,000

Installations

Oct 29, 2025

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

1 present

22 fixed

6 Mitigation rules

Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox vulnerability
<= 2.0.9.0
Aug 11, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 2.0.8.2
Jul 16, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
<= 2.0.7.2
Mar 4, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
<= 2.0.7.1
Mar 4, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip Module vulnerability
<= 2.0.6.7
Jan 6, 2025
Cross Site Scripting (XSS) vulnerability
<= 2.0.9.9
Nov 11, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element vulnerability
<= 2.0.6.4
Sep 10, 2024
Cross Site Scripting (XSS) vulnerability
<= 2.0.6.2
Jul 11, 2024
Missing Authorization to MA Template Creation or Modification vulnerability
<= 2.0.6.1
Jun 7, 2024
Cross Site Scripting (XSS) vulnerability
<= 2.0.6.0
Jun 6, 2024
Cross Site Scripting (XSS) vulnerability
<= 2.0.5.9
Jun 6, 2024
Broken Access Control on API vulnerability
<= 2.0.5.4.1
Jun 3, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 2.0.6.0
May 16, 2024
Contributor+ Stored Cross-Site Scripting vulnerability
<= 2.0.5.9
May 1, 2024
Broken Access Control on Duplicate Post vulnerability
<= 2.0.5.4.1
Apr 25, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget vulnerability
<= 2.0.5.6
Mar 26, 2024
Cross Site Scripting (XSS) vulnerability
<= 2.0.5.4.1
Mar 25, 2024
Contributor+ Stored Cross-Site Scripting vulnerability
<= 2.0.3
Oct 11, 2023
Broken Access Control vulnerability
<= 2.0.5.3
Aug 22, 2023
Reflected Cross Site Scripting (XSS) vulnerability
< 2.0.3
Jul 18, 2023
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
< 1.8.5
Feb 28, 2022
Sensitive Information Disclosure vulnerability
< 1.8.5
Feb 28, 2022
Reflected Cross-Site Scripting (XSS) vulnerability
<= 1.8.1
Feb 21, 2022