CVE-2024-52387
Stored XSS in Master Addons for Elementor
Publication date: 2026-02-20
Last updated on: 2026-02-27
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| liton_arefin | master_addons_for_elementor | From 2.0.0 (inc) to 2.0.9.9.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-52387 is a Cross-Site Scripting (XSS) vulnerability in the WordPress Master Addons for Elementor plugin, versions up to and including 2.0.9.9.4.
This vulnerability allows an attacker to inject malicious scripts into web pages generated by the plugin. These scripts can execute when visitors access the compromised site.
Exploitation requires user interaction and a privileged user role, such as an author or developer, who might click a malicious link, visit a crafted page, or submit a form.
The injected scripts can perform actions like redirects, displaying unwanted advertisements, or other harmful HTML payloads.
How can this vulnerability impact me?
Successful exploitation of this vulnerability can lead to the execution of malicious scripts on your website, potentially compromising the experience and security of your visitors.
- Attackers can redirect users to malicious sites.
- Unwanted advertisements or harmful content can be injected into your web pages.
- It may damage your website's reputation and trustworthiness.
However, this vulnerability is considered a moderate risk with a CVSS score of 5.9 and is unlikely to be widely exploited.
It is recommended to update the plugin to version 2.1.0 or later to mitigate this risk. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the WordPress Master Addons for Elementor Plugin versions up to and including 2.0.9.9.4. Detection involves verifying the plugin version installed on your WordPress site.
You can check the installed plugin version by running commands on your server or by using the WordPress admin interface.
- Use the WP-CLI command to check the plugin version: `wp plugin list | grep master-addons`
- Manually verify the plugin version in the WordPress admin dashboard under Plugins.
Since this is a stored XSS vulnerability triggered by user interaction, network detection would require monitoring for suspicious HTTP requests or unusual script injections, but no specific detection commands are provided.
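The version check above can be scripted so it is not a manual grep. This is an added example, not code from the advisory or from the plugin: it parses the output of `wp plugin list --fields=name,version --format=csv` (standard WP-CLI flags; the sample output embedded below is constructed, and the `master-addons` slug is assumed from the grep pattern above) and reports whether the installed version falls inside the affected range 2.0.0 to 2.0.9.9.4 inclusive.

```python
import csv
import io
import re
from typing import Optional, Tuple

# Affected range for CVE-2024-52387, taken from the advisory's vendor/product table (inclusive).
AFFECTED_MIN = "2.0.0"
AFFECTED_MAX = "2.0.9.9.4"
PLUGIN_SLUG = "master-addons"  # assumed slug, matching the `grep master-addons` hint

# Constructed sample of `wp plugin list --fields=name,version --format=csv` output (not real data).
SAMPLE_WPCLI_CSV = """name,version
elementor,3.21.0
master-addons,2.0.9.9.4
akismet,5.3
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.0.9.9.4' into (2, 0, 9, 9, 4); a tag such as '2.1.0-beta' keeps only its numeric parts."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def is_affected(installed: str, lo: str = AFFECTED_MIN, hi: str = AFFECTED_MAX) -> bool:
    """True when `installed` lies inside the inclusive [lo, hi] range.

    Versions are zero-padded to equal length so that 2.0.9.9.4.0 compares equal to 2.0.9.9.4
    instead of sorting above it and escaping the range.
    """
    parts = [parse_version(x) for x in (installed, lo, hi)]
    width = max(len(p) for p in parts)
    v, vlo, vhi = (p + (0,) * (width - len(p)) for p in parts)
    return vlo <= v <= vhi


def installed_version(wpcli_csv: str, slug: str = PLUGIN_SLUG) -> Optional[str]:
    """Pull the plugin's version out of WP-CLI CSV output; None when the plugin is not installed."""
    for row in csv.DictReader(io.StringIO(wpcli_csv)):
        if row.get("name") == slug:
            return row.get("version")
    return None


def check(wpcli_csv: str) -> Tuple[Optional[str], bool]:
    """Return (installed version or None, whether that version is in the affected range)."""
    ver = installed_version(wpcli_csv)
    return ver, bool(ver) and is_affected(ver)


if __name__ == "__main__":
    ver, vulnerable = check(SAMPLE_WPCLI_CSV)
    print(f"{PLUGIN_SLUG}: version={ver} affected_by_CVE-2024-52387={vulnerable}")
```

On a live site, feed the script the real output of `wp plugin list --fields=name,version --format=csv` instead of the embedded sample.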
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Master Addons for Elementor plugin to version 2.1.0 or later, where this vulnerability has been patched.
If you are a Patchstack user, enable auto-updates specifically for vulnerable plugins to ensure prompt mitigation.
Additionally, discourage privileged users (such as authors or developers) from interacting with untrusted content or links, to reduce the risk of exploitation.