Vulnerability Description
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it possible for unauthenticated attackers to create or modify existing Master Addons templates or make settings modifications related to these templates.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Master-Addons | Master Addons | < 2.0.6.2 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/3096299/master-addonsPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e3820f80-9b80-4672-b2fThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/3096299/master-addonsPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e3820f80-9b80-4672-b2fThird Party Advisory
FAQ
What is CVE-2024-5382?
CVE-2024-5382 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check ...
How severe is CVE-2024-5382?
CVE-2024-5382 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-5382?
Check the references section above for vendor advisories and patch information. Affected products include: Master-Addons Master Addons.