VulnerAlert



WORDPRESS
16-07-2025 07:20

CVE-2025-5284 Documented vulnerability

6.4 MEDIUM
Tags
#wordpress
#site
#plugin
#cross
#web
#elementor
#cross-site
#add
#/elementor(.*)wordpress/iU
#elementor wordpress
#cross-site scripting
#attackers
#authenticated
#arbitrary
#vulnerable
#scripting
#inject
#execute
#attack
#access
Description
The Master Addons – Elementor with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS extension in all versions up to, and including, 2.0.8.2 due to insufficient capability restriction, input sanitization, and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
https://plugins.trac.wordpress.org/browser/master-addons/trunk/inc/modules/custom-js/custom-js.php
https://plugins.trac.wordpress.org/changeset/3325322/
https://www.wordfence.com/threat-intel/vulnerabilities/id/0e1982bd-3ea8-48cd-8b89-39910567525c?source=cve

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-5284
Similar results
Matching at least 50% of the tags
16-07-2025 CVE-2025-31427
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabil...
16-07-2025 CVE-2025-31422
Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress ...
This project was co-funded by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023