Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Master Addons for Elementor Premium plugin allows attackers to run code on your site
CVE-2026-3132
Summary
The Master Addons for Elementor Premium plugin for WordPress has a security flaw that lets attackers with a basic level of access run malicious code on your website. This means they could potentially delete files, steal data, or take control of your site. Update to the latest version of the plugin to fix this issue.
Original title
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMA_Widget_Admin::render_preview'. This is...
Original description
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMA_Widget_Admin::render_preview'. This is due to missing capability check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server.
nvd CVSS3.1
8.8
Vulnerability type
CWE-94
Code Injection
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026