Filtered by vendor Jeweltheme Subscriptions
Filtered by product Master Addons For Elementor Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-3132 2 Jeweltheme, Wordpress 2 Master Addons For Elementor, Wordpress 2026-03-03 8.8 High
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMA_Widget_Admin::render_preview'. This is due to missing capability check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server.
CVE-2025-63053 2 Jeweltheme, Wordpress 2 Master Addons For Elementor, Wordpress 2026-01-20 5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.9.9.4.
CVE-2023-40679 2 Jeweltheme, Wordpress 2 Master Addons For Elementor, Wordpress 2025-12-29 6.5 Medium
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3.
CVE-2024-35660 2 Jeweltheme, Master-addons 2 Master Addons For Elementor, Master Addons 2024-11-26 6.5 Medium
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.
CVE-2022-0327 1 Jeweltheme 1 Master Addons For Elementor 2024-11-21 6.1 Medium
The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting