Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

litonice13 — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting litonice13. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Litonice13 primarily develops web applications and APIs, with a core focus on e-commerce platforms and content management systems. Historically, the researcher has commonly identified vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws. Security characteristics often involve thorough authentication bypass testing and server-side injection analysis. While no major public incidents are directly attributed to this researcher, their contributions have consistently highlighted critical flaws in widely deployed software. The 17 CVEs demonstrate a pattern of uncovering both common and novel security weaknesses, particularly in PHP-based applications and popular open-source platforms.

Top products by litonice13: Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer Admin Bar Editor – Toolbar Customization with User Role based access & Custom menus Image Comparison Addon for Elementor
CVE IDTitleCVSSSeverityPublished
CVE-2026-2486 Master Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsCWE-79 6.4 Medium2026-02-20
CVE-2026-1060 WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API — WP Adminify – White Label WordPress, Admin Menu Editor, Login CustomizerCWE-200 5.3 Medium2026-01-28
CVE-2025-10896 Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload — Image Comparison Addon for ElementorCWE-862 8.8 High2025-11-04
CVE-2025-8874 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsCWE-79 6.4 Medium2025-08-12
CVE-2025-5284 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsCWE-79 6.4 Medium2025-07-16
CVE-2025-0433 Master Addons <= 2.0.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsCWE-79 6.4 Medium2025-03-04
CVE-2024-9618 Master Addons <= 2.0.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsCWE-79 6.4 Medium2025-03-04
CVE-2024-9502 Master Addons -- Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip Module — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsCWE-79 6.4 Medium2025-01-07
CVE-2024-8959 WP Adminify – Best WordPress Custom Dashboard Plugin <= 4.0.1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — WP Adminify – White Label WordPress, Admin Menu Editor, Login CustomizerCWE-79 6.4 Medium2024-10-24
CVE-2024-6282 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsCWE-79 5.4 Medium2024-09-10
CVE-2024-5382 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsCWE-862 6.5 Medium2024-06-07
CVE-2024-5542 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsCWE-79 7.2 High2024-06-07
CVE-2024-3134 Master Addons for Elementor <= 2.0.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsCWE-79 6.4 Medium2024-05-16
CVE-2024-4580 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsCWE-79 6.4 Medium2024-05-16
CVE-2024-1716 Admin Bar Remover <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update — Admin Bar Editor – Toolbar Customization with User Role based access & Custom menusCWE-862 4.3 Medium2024-05-02
CVE-2024-4265 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.5.9 - Contributor+ Stored Cross-Site Scripting — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsCWE-79 6.4 Medium2024-05-02
CVE-2024-2139 Master Addons for Elementor <= 2.0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsCWE-79 6.4 Medium2024-03-27

This page lists every published CVE security advisory associated with litonice13. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.