CVE-2024-52387
Awaiting Analysis Awaiting Analysis - Queue
Stored XSS in Master Addons for Elementor

Publication date: 2026-02-20

Last updated on: 2026-02-27

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-27
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2024-52387
EUVD
EUVD-2024-55450
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
liton_arefin master_addons_for_elementor From 2.0.0 (inc) to 2.0.9.9.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2024-52387 is a Cross Site Scripting (XSS) vulnerability in the WordPress Master Addons for Elementor Plugin versions up to and including 2.0.9.9.4.

This vulnerability allows an attacker to inject malicious scripts into web pages generated by the plugin. These scripts can execute when visitors access the compromised site.

Exploitation requires user interaction and a privileged user role, such as an author or developer, who might click a malicious link, visit a crafted page, or submit a form.

The injected scripts can perform actions like redirects, displaying unwanted advertisements, or other harmful HTML payloads.

Impact Analysis

[{'type': 'paragraph', 'content': 'Successful exploitation of this vulnerability can lead to the execution of malicious scripts on your website, potentially compromising the experience and security of your visitors.'}, {'type': 'list_item', 'content': 'Attackers can redirect users to malicious sites.'}, {'type': 'list_item', 'content': 'Unwanted advertisements or harmful content can be injected into your web pages.'}, {'type': 'list_item', 'content': "It may damage your website's reputation and trustworthiness."}, {'type': 'paragraph', 'content': 'However, this vulnerability is considered a moderate risk with a CVSS score of 5.9 and is unlikely to be widely exploited.'}, {'type': 'paragraph', 'content': 'It is recommended to update the plugin to version 2.1.0 or later to mitigate this risk.'}] [1]

Compliance Impact

I don't know

Detection Guidance

This vulnerability affects the WordPress Master Addons for Elementor Plugin versions up to and including 2.0.9.9.4. Detection involves verifying the plugin version installed on your WordPress site.

You can check the installed plugin version by running commands on your server or using WordPress admin interface.

  • Use WP-CLI command to check plugin version: wp plugin list | grep master-addons
  • Manually verify the plugin version in the WordPress admin dashboard under Plugins.

Since this is a stored XSS vulnerability triggered by user interaction, network detection would require monitoring for suspicious HTTP requests or unusual script injections, but no specific detection commands are provided.

Mitigation Strategies

The primary mitigation step is to update the Master Addons for Elementor plugin to version 2.1.0 or later, where this vulnerability has been patched.

If you are a Patchstack user, enable auto-updates specifically for vulnerable plugins to ensure prompt mitigation.

Additionally, limit privileged user roles (such as authors or developers) from interacting with untrusted content or links to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-52387. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart