Cross Site Scripting Alert on Master Addons Plugin Post-Update

  • Resolved mrgcopper

    (@mrgcopper)


    12 months ago

    Dear Master Addons Team,

    We have been using the “Master Addons for Elementor” plugin (v2.0.7.6) on some of our websites. Although we have updated the plugin to the latest version, our security scanner is still reporting the following issue:

    “WordPress Master Addons plugin <= 2.0.7.6 – Cross Site Scripting (XSS) vulnerability”

    We would like to clarify a few things:

    1. Has this vulnerability been fixed in a specific version? If so, which version includes the patch?
    2. Even after updating, why does the vulnerability still appear in our security scans?
    3. Are there any additional steps we should take to clear this alert or ensure our sites are fully protected?

    We have attached a screenshot of the security alert for your reference.
    See Screenshort: https://prnt.sc/12xGtSXDO9Pf

    We would appreciate your assistance in resolving this issue.

    Best regards,
    Dave Weil

Viewing 4 replies - 1 through 4 (of 4 total)
  • Mustafa Kamal hossain

    (@nisan92)

    11 months, 4 weeks ago

    Hi Dave,

    Thank you for reaching out and providing this detailed information, as well as the screenshot. We appreciate you bringing this to our attention.

    We are aware of this “Cross Site Scripting (XSS) vulnerability” issue in versions <= 2.0.7.6 of the Master Addons plugin.

    We are happy to confirm that the XSS vulnerability has been addressed and fixed in our latest plugin version, 2.0.8.1.

    To resolve this, please ensure you update your “Master Addons for Elementor” plugin to version 2.0.8.1 . After the update is complete, we highly recommend running another full security scan on your sites.

    Hopefully, this will clear the alert. If, however, the issue persists after updating to 2.0.8.1 and running a fresh scan, please let us know, and we’ll be glad to assist further.

    Best regards,
    Master Addons Team

    Thread Starter mrgcopper

    (@mrgcopper)

    11 months, 4 weeks ago

    Dear Master Addons Support Team,

    Thank you for your prompt response and for addressing the XSS vulnerability issue in version 2.0.8.1 of the “Master Addons for Elementor” plugin. I followed your instructions and updated the plugin to version 2.0.8.1, and I also performed a full security scan on my site.

    However, the vulnerability alert is still appearing, and it seems that the issue has not been fully resolved. Could you please assist me further in troubleshooting this or let me know if there is an additional step I need to take?

    We have attached a screenshot of the security alert for your reference (https://prnt.sc/gD4dg9ffKDuH)

    Updated Plugin Screenshot:

    Best regards,
    Dave Weil

    Thread Starter mrgcopper

    (@mrgcopper)

    11 months, 4 weeks ago

    Updated Plugin Screenshot: https://prnt.sc/WkCbRalMi2ZE

    Plugin Support jemeeroy

    (@jemeeroy)

    11 months, 1 week ago

    Hello @mrgcopper

    We have reviewed and fixed the issue in our latest update too.

    Thank you

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Cross Site Scripting Alert on Master Addons Plugin Post-Update’ is closed to new replies.