5.3

CVE-2025-63053

WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Insecure Direct Object References (IDOR) vulnerability

Master Addons for Elementor <= 2.0.9.9.4 - Unauthenticated Insecure Direct Object Reference

Authorization Bypass Through User-Controlled Key vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.4.
Mögliche Gegenmaßnahme
Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits: Update to version 2.1.0, or a newer patched version
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLiton Arefin
Produkt Master Addons for Elementor
Default Statusunaffected
Version <= 2.0.9.9.4
Version 0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits
Version *-2.0.9.9.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.102
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
audit@patchstack.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://patchstack.com/database/Wordpress/Plugin/master-addons/vulnerability/wordpress-master-addons-for-elementor-plugin-2-0-9-9-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/2ac09e78-fea1-478f-a3bc-40742bdc0f6a
Third Party Advisory