Vulnerability | ww.wp.xz.cn

Resolved igor
(@igoramatuzzi)

1 year, 1 month ago

Hi! i´ve received this message from Wordfence plugin:

Master Addons for Elementor <= 2.0.7.5 – Authenticated (Author+) Stored Cross-Site Scripting

Description

The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/master-addons/master-addons-for-elementor-2066-authenticated-author-stored-cross-site-scripting

thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Liton Arefin
(@litonice13)

1 year ago

Hi @igoramatuzzi,
Thanks for informing about the issue.
We’ve contacted with patchstack and informed them about we’ve pushed patched for this issue.
Also, we’ve pushed update with this issue as well.
Please update the Master Addons plugin.

Thanks

Thread Starter igor
(@igoramatuzzi)

1 year ago

@litonice13 thanks a lot for your feedback!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Vulnerability’ is closed to new replies.

3 replies
2 participants
Last reply from: igor
Last activity: 1 year ago
Status: resolved