Platform
wordpress
Component
master-addons
Fixed in
2.1.2
CVE-2026-2486 identifies a Stored Cross-Site Scripting (XSS) vulnerability in the Master Addons For Elementor plugin for WordPress. The vulnerability arises from insufficient input sanitization and output escaping within the 'maelbhtablebtn_text' parameter. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts that will execute when users access injected pages. The vulnerability affects versions up to and including 2.1.1.
Successful exploitation of CVE-2026-2486 allows an attacker to inject malicious JavaScript code into WordPress pages. This code then executes in the browser of any user who visits the affected page. Attackers could use this to steal user cookies, redirect users to malicious websites, or deface the website. The impact is amplified if the website is publicly accessible and has a large user base. As with other XSS vulnerabilities, the attack relies on the trust users place in the site to get the malicious code executed.
CVE-2026-2486 was published on 2026-02-20. Its severity is rated as MEDIUM with a CVSS score of 6.4. No public proof-of-concept exploits are currently known. The vulnerability is not listed on KEV or EPSS, suggesting a low to medium probability of active exploitation. However, given the widespread use of WordPress and Elementor, it's important to apply the patch promptly.
Exploit status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade the Master Addons For Elementor plugin to version 2.1.2 or later. As a temporary workaround, restrict access to the 'maelbhtablebtn_text' parameter and implement strict input validation. Consider using a WordPress security plugin that provides XSS filtering capabilities. Web application firewalls (WAFs) can also be configured to detect and block malicious JavaScript code. After upgrading, confirm the fix by attempting to inject a simple JavaScript payload through the affected parameter and verifying that it is properly sanitized.
Update to version 2.1.2 or a newer patched version
XSS (Cross-Site Scripting) is a type of security vulnerability that allows attackers to inject malicious scripts into legitimate websites. These scripts execute in the browsers of users visiting the website, potentially allowing attackers to steal sensitive information or perform actions on behalf of the user.
If you are using a version prior to 2.1.2 of the Master Addons For Elementor plugin, you are likely affected. Review your website pages for suspicious JavaScript code injected into the 'maelbhtablebtn_text' parameter.
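One way to carry out that review, as an added example that is not code from the plugin or from this advisory: a scanner that walks a page's Elementor document and flags script-like markup stored under the affected parameter. It assumes the parameter name given above appears as a widget settings key in the JSON that Elementor keeps in the `_elementor_data` post meta; the widget type and sample document are constructed.

```python
import json
import re

# Parameter name exactly as the advisory gives it; assumed here to appear as a
# key in the widget settings Elementor stores in the `_elementor_data` post meta.
PARAM = "maelbhtablebtn_text"

# Heuristic markers of active content in what should be plain button text.
SUSPICIOUS = re.compile(
    r"<\s*(script|iframe|svg|img|object|embed)\b|\bon\w+\s*=|javascript\s*:", re.I)

def walk(elements, path=""):
    """Yield (path, settings) for every element in the nested Elementor tree."""
    for i, el in enumerate(elements):
        here = f"{path}/{el.get('widgetType') or el.get('elType', '?')}[{i}]"
        yield here, el.get("settings") or {}  # empty settings may be stored as []
        yield from walk(el.get("elements") or [], here)

def find_values(obj, key):
    """Yield string values stored under `key`, including inside repeater rows."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            if k == key and isinstance(v, str):
                yield v
            else:
                yield from find_values(v, key)
    elif isinstance(obj, list):
        for item in obj:
            yield from find_values(item, key)

def scan(elementor_data_json):
    """Return [(element path, value)] where PARAM holds script-like markup."""
    return [(path, value)
            for path, settings in walk(json.loads(elementor_data_json))
            for value in find_values(settings, PARAM)
            if SUSPICIOUS.search(value)]

# Constructed sample document (widget type and texts are made up).
SAMPLE = json.dumps([{"elType": "section", "settings": [], "elements": [
    {"elType": "column", "settings": {}, "elements": [
        {"elType": "widget", "widgetType": "constructed-widget",
         "settings": {PARAM: "Book now"}, "elements": []},
        {"elType": "widget", "widgetType": "constructed-widget",
         "settings": {"rows": [{PARAM: "Book <script>/* constructed */</script>"}]},
         "elements": []}]}]}])

if __name__ == "__main__":
    for path, value in scan(SAMPLE):
        print(f"review {path}: {value!r}")
```

The input is the JSON string held in a post's `_elementor_data` meta value, for example as returned by `wp post meta get <post-id> _elementor_data`. A hit is a prompt for manual review, since the pattern is a heuristic.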
Immediately update the plugin to version 2.1.2 or higher. Review website pages for malicious code and remove it. Consider changing the passwords of all administrator or editor users.
Yes, there are several XSS vulnerability scanning tools, both free and paid. These tools can help identify potential vulnerabilities in your website.
Keep all your plugins and themes updated. Implement a strong password security policy. Limit user privileges. Use a web application firewall (WAF) to protect your website from attacks.