Master Addons for Elementor <= 1.8.1 is vulnerable to Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated

Published
2022-02-20

The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting

CVE

https://www.cve.org/CVERecord?id=CVE-2022-0327

CVSS

Score:6.1

Severity:Medium

Version: 1.8.1

There is a patch available in v1.8.2 and we strongly recommend you update to this version as soon as possible.