VYPR
Vendor

Master Addons

Products
2
CVEs
17
Across products
17
Status
Private

Products

2

Recent CVEs

17
  • CVE-2025-8874MedAug 12, 2025
    risk 0.42cvss 6.4epss 0.00

    The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.0.8.6 due to insufficient input…

  • CVE-2024-5162MedJun 6, 2024
    risk 0.42cvss 6.4epss 0.00

    The WordPress prettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

  • CVE-2024-3134MedMay 16, 2024
    risk 0.42cvss 6.4epss 0.00

    The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization…

  • CVE-2024-29911MedMar 27, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.

  • CVE-2024-5542HigJun 7, 2024
    risk 0.40cvss 7.2epss 0.00

    The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due…

  • CVE-2025-5284MedJul 16, 2025
    risk 0.35cvss 6.4epss 0.00

    The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS extension in all versions up to, and including, 2.0.8.2 due to insufficient…

  • CVE-2024-5382MedJun 7, 2024
    risk 0.35cvss 6.5epss 0.00

    The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including,…

  • CVE-2024-4580MedMay 16, 2024
    risk 0.35cvss 6.4epss 0.00

    The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output…

  • CVE-2024-4265MedMay 2, 2024
    risk 0.35cvss 6.4epss 0.01

    The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and…

  • CVE-2024-2139MedMar 27, 2024
    risk 0.35cvss 6.4epss 0.00

    The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in all versions up to, and including, 2.0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-33595MedApr 29, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.

  • CVE-2025-0433Mar 4, 2025
    risk 0.00cvss epss 0.00

    The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.7.1 due to insufficient input…

  • CVE-2024-9618Mar 4, 2025
    risk 0.00cvss epss 0.00

    The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.0.7.2 due to insufficient input…

  • CVE-2024-9502Jan 7, 2025
    risk 0.00cvss epss 0.00

    The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Tooltip module in all versions up to, and including, 2.0.6.7 due to insufficient…

  • CVE-2024-6282Sep 10, 2024
    risk 0.00cvss epss 0.00

    The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element in all versions up to, and including 2.0.6.4 due to insufficient input…

  • CVE-2015-10128Jan 2, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be…

  • CVE-2015-9478Oct 10, 2019
    risk 0.00cvss epss 0.01

    prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.