CVE-2024-5382 MEDIUM

CVE-2024-5382: Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

Vendor Litonice13
Product Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits
Weakness CWE-862 · Missing authorization
Published June 7, 2024
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it possible for unauthenticated attackers to create or modify existing Master Addons templates or make settings modifications related to these templates.

Key dates

02Disclosure timeline

June 7, 2024 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-24613 WordPress FV Thoughtful Comments plugin <= 0.3.5 - Broken Access Control vulnerability CVE-2024-32787 WordPress Secure Copy Content Protection and Content Locking plugin <= 3.7.1 - Broken Access Control vulnerability CVE-2022-3538 Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation CVE-2026-44794 Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference CVE-2023-39298 QTS, QuTS hero