Platform: wordpress
Component: master-addons
Fixed in: 2.1.4
CVE-2026-32462 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Master Addons For Elementor plugin. This flaw allows authenticated attackers with author-level access or higher to inject malicious web scripts into pages. These scripts execute when a user accesses the compromised page, potentially leading to account takeover or data theft. The vulnerability affects versions 2.1.3 and earlier of the Master Addons For Elementor plugin. It was fixed in version 2.1.4.
CVE-2026-32462 affects Master Addons for Elementor, enabling a DOM-based Cross-Site Scripting (XSS) attack. This means an attacker could inject malicious code into a webpage utilizing this plugin, which would then execute in the user's browser. The risk is significant, potentially allowing for sensitive information theft, redirection to malicious websites, or modification of the webpage content. Versions affected range from the initial release up to and including 2.1.3. The CVSS severity score is 5.9, indicating a moderate risk. Updating the plugin is crucial to mitigate this risk.
The vulnerability is exploited through the manipulation of input data that is not properly sanitized before being used to generate webpage content. An attacker could, for example, inject malicious JavaScript code through a form field or a URL. This code would execute in the user's browser when they visit the page, allowing the attacker to perform malicious actions. The DOM-based nature of the vulnerability means the malicious code executes in the context of the user's HTML document, increasing the risk of information theft and website manipulation.
Exploit Status
EPSS: 0.01% (1% percentile)
CVSS Vector
The solution to this vulnerability is to update Master Addons for Elementor to version 2.1.4 or higher. This version includes the necessary fixes to prevent malicious code injection. It is highly recommended to perform this update as soon as possible to protect your website. Additionally, review Elementor and your web server's security configurations to further strengthen protection against XSS attacks. Regularly monitoring server logs for suspicious activity can also aid in detecting and preventing potential attacks. Regular website backups are a recommended practice to enable restoration in case of an incident.
Update to version 2.1.4, or a newer patched version
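A check for the affected range stated above, as an added example (not code from the plugin or from this advisory): it reads the `Version:` header of the plugin's main PHP file inside a WordPress plugins directory and compares it with 2.1.4. The function names and the `wp-content/plugins` path passed on the command line are assumptions, and pre-release suffixes are ignored in the comparison.

```python
import re
import sys
from pathlib import Path

PLUGIN_SLUG = "master-addons"   # component slug given in the advisory
FIXED_VERSION = "2.1.4"         # first fixed release given in the advisory

# WordPress plugin headers sit in a comment near the top of the main PHP file.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.I | re.M)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

def version_key(v):
    """Turn '2.1.10' into (2, 1, 10) so versions compare numerically, not as text."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)          # ignores suffixes such as '-beta'
        parts.append(int(m.group()) if m else 0)
    while parts and parts[-1] == 0:          # 2.1.4.0 compares equal to 2.1.4
        parts.pop()
    return tuple(parts)

def installed_version(plugin_dir):
    """Return the Version header of the file carrying 'Plugin Name:', else None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_bytes()[:8192].decode("utf-8", "replace")
        if NAME_RE.search(head):
            m = VERSION_RE.search(head)
            return m.group(1) if m else None
    return None

def check(plugins_dir):
    """Classify a plugins directory: not-installed, unknown, affected or patched."""
    plugin_dir = Path(plugins_dir) / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return "not-installed"
    version = installed_version(plugin_dir)
    if version is None:
        return "unknown"                      # present, but no readable header
    if version_key(version) < version_key(FIXED_VERSION):
        return "affected"
    return "patched"

if __name__ == "__main__":
    # Usage (path is an assumption): python check.py /var/www/html/wp-content/plugins
    for plugins_dir in sys.argv[1:]:
        print(plugins_dir, check(plugins_dir))
```

A result of `unknown` means the plugin directory exists but its version could not be read, so it should be inspected by hand rather than treated as patched.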
XSS (Cross-Site Scripting) is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. These scripts can steal sensitive information, redirect to malicious websites, or modify the page content.
If you are using Master Addons for Elementor in a version prior to 2.1.4, your website is vulnerable. Perform a security audit to identify potential weak points.
If you suspect your website has been compromised, immediately change all administrative account passwords, review website files for malicious code, and contact a cybersecurity professional.
While updating the plugin is the primary solution, it's recommended to review Elementor and your web server's security configurations to further strengthen protection against XSS attacks.
You can find more information about this vulnerability in vulnerability databases like CVE (Common Vulnerabilities and Exposures) and on the Master Addons for Elementor support forums.