Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits

Vulnerabilities 34Slug master-addonsLatest version 3.0.9WordPress.org →

Minimum safe version

2.1.4

Update to 2.1.4 or later to address 34 fixable vulnerabilities

Latest available3.0.9 ✓

Medium 6.1

2026-05-01< 2.0.7.3

CVE-2024-13362

N/A

2026-02-19< 2.1.2

Master Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text'

Medium 5.9

2026-03-16< 2.1.4

Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits <= 2.1.3 - Authenticated (Author+) Stored Cross-Site Scripting

N/A

2025-12-31< 2.1.0

CVE-2025-63053

Medium 6.5

2025-12-09< 2.1.0

CVE-2025-63055

Medium 6.4

2025-08-12< 2.0.9.1

Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox

EUVD Wordfence CVE

Medium 6.4

2025-07-16< 2.0.8.3

Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

EUVD Wordfence CVE

Medium 6.4

2025-03-04< 2.0.7.2

Master Addons <= 2.0.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

EUVD Wordfence CVE

Medium 6.4

2025-03-04< 2.0.7.3

Master Addons <= 2.0.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

EUVD Wordfence CVE

Medium 5.4

2025-01-06< 2.0.6.8

WordPress Master Addons for Elementor Plugin <= 2.0.6.7 is vulnerable to Cross Site Scripting (XSS)

Patchstack Wordfence CVE

Medium 6.3

2024-10-16< 1.8.5

Freemius SDK <= 2.4.2 - Missing Authorization Checks

Medium 5.9

2026-02-20< 2.1.0

CVE-2024-52387

CVE Patchstack Wordfence

Medium 5.4

2024-09-10< 2.0.6.5

CVE-2024-6282

CVE Patchstack Wordfence

Medium 4.8

2024-07-20< 2.0.6.3

CVE-2024-38710

CVE Patchstack Wordfence

Medium 5.4

2024-06-08< 2.0.6.0

CVE-2024-35688

Medium 5.4

2024-06-08< 2.0.6.1

CVE-2024-35702

Medium 6.1

2024-06-07< 2.0.6.2

CVE-2024-5542

Medium 5.3

2024-06-07< 2.0.6.2

CVE-2024-5382

CVE Patchstack Wordfence

Critical 9.8

2024-06-09< 2.0.5.6

CVE-2024-35660

CVE Patchstack Wordfence

Medium 5.4

2024-05-16< 2.0.6.1

CVE-2024-3134

CVE Patchstack Wordfence

Medium 5.4

2024-05-16< 2.0.6.1

CVE-2024-4580

Medium 5.4

2024-05-02< 2.0.6.0

CVE-2024-4265

CVE Patchstack Wordfence

High 8.8

2024-04-29< 2.0.5.6

CVE-2024-33595

CVE Patchstack Wordfence

Medium 6.5

2024-03-27< 2.0.5.6

CVE-2024-29911

CVE Wordfence Patchstack WPScan

Medium 5.4

2024-03-27< 2.0.5.7

CVE-2024-2139

CVE Wordfence Patchstack WPScan

N/A

< 2.0.4

Master Addons for Elementor < 2.0.4 - Contributor+ Stored XSS

N/A

2023-10-11< 2.0.4

WordPress Master Addons for Elementor Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

N/A

2023-10-11< 2.0.4

Master Addons for Elementor <= 2.0.3 - Authenticated(Contributor+) Stored Cross-Site Scripting

Medium 6.5

2025-12-24< 2.0.5.4.1

CVE-2023-40679

CVE Patchstack Wordfence

N/A

2023-07-18< 2.0.3

WordPress Master Addons for Elementor Plugin < 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Patchstack WPScan CVE

N/A

2022-03-04< 1.8.5

Freemius SDK <= 2.4.2 - Missing Authorization Checks

N/A

2022-02-28< 1.8.5

WordPress Master Addons for Elementor plugin < 1.8.5 - Sensitive Information Disclosure vulnerability

N/A

2022-02-28< 1.8.5

WordPress Master Addons for Elementor plugin < 1.8.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Medium 6.1

2022-03-14< 1.8.5

CVE-2022-0327

CVE Patchstack Wordfence WPScan