Vulnerabilities > CVE-2022-0327 - Unspecified vulnerability in Jeweltheme Master Addons for Elementor

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

jeweltheme

NVD

Published: 2022-03-14

Updated: 2024-11-21

Summary

The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting

Vulnerable Configurations

Part	Description	Count
Application	Jeweltheme Jeweltheme Master Addons FOR Elementor *	1

References

https://wpscan.com/vulnerability/df38cc99-da3c-4cc0-b179-1e52e841b883
https://wpscan.com/vulnerability/df38cc99-da3c-4cc0-b179-1e52e841b883