PT-2026-22659 · WordPress · Master Addons For Elementor Premium
Ren Voza
·
Published
2026-03-02
·
Updated
2026-03-30
·
CVE-2026-3132
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Master Addons for Elementor Premium plugin for WordPress versions up to and including 2.1.3
Description
The Master Addons for Elementor Premium plugin for WordPress is susceptible to Remote Code Execution via the
JLTMA Widget Admin::render preview function. This is due to a missing capability check, allowing authenticated attackers with Subscriber-level access or higher to execute code on the server.Recommendations
Versions prior to 2.1.4 should be updated.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Master Addons For Elementor Premium