WordPress · Master Addons For Elementor · CVE-2026-2486
**Name of the Vulnerable Software and Affected Versions**
Master Addons For Elementor plugin for WordPress versions 2.1.1 and earlier
**Description**
The software is susceptible to a Stored Cross-Site Scripting issue because of inadequate input sanitization and output escaping. This allows authenticated attackers with contributor-level access or higher to inject malicious web scripts into pages. These scripts will then execute when a user accesses the compromised page. The vulnerable parameter is `ma el bh table btn text`.
**Recommendations**
Update the Master Addons For Elementor plugin to a version later than 2.1.1.