Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Information

Software Type Plugin
Software Slug unlimited-elements-for-elementor (view on wordpress.org)
Software Status Active
Software Author unitecms
Software Website unlimited-elements.com
Software Downloads 10,737,475
Software Active Installs 300,000
Software Record Last Updated November 24, 2024

Showing 1-20 of 23 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.60 - Arbitrary File Upload in File Manager Patched CVE-2023-31090 9.9 Rafie Muhammad May 22, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Zip Extraction to Arbitrary File Upload in File Manager Patched CVE-2023-33930 9.9 Achref Ben Thameur May 22, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection Patched CVE-2024-6166 8.8 shaman0x01 July 8, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter Patched CVE-2024-5329 8.8 shaman0x01 June 5, 2024
Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import Patched CVE-2023-6743 8.8 Nex Team May 28, 2024
Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0] Patched CVE-2024-4779 8.8 M.Awad May 22, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection Patched CVE-2024-3055 8.8 wesley (wcraft) May 10, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload Patched CVE-2023-3295 8.8 Chloe Chamberland, Rafie Muhammad June 16, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.121 - Authenticated (Editor+) Remote Code Execution Patched CVE-2024-49271 7.2 Hakiduck October 14, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection Patched CVE-2024-2662 7.2 wesley (wcraft) May 9, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username' Patched CVE-2024-6169 6.4 shaman0x01 July 8, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email' Patched CVE-2024-6170 6.4 shaman0x01 July 8, 2024
Unlimited Elements For Elementor <= 1.5.96 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link Patched CVE-2024-0367 6.4 Webbernaut March 29, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.65 - Missing Authorization Patched CVE-2023-31080 6.3 Rafie Muhammad June 20, 2023
Freemius SDK <= 2.4.2 - Missing Authorization Checks Patched CVE-2022-4974 6.3 March 4, 2022
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.121 - Reflected Cross-Site Scripting Patched CVE-2024-45454 6.1 Rafie Muhammad September 30, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting Patched CVE-2024-3547 6.1 Le Ngoc Anh May 9, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.93 - Reflected Cross-Site Scripting Patched CVE-2024-29792 6.1 Rafie Muhammad March 25, 2024
Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get Patched CVE-2023-33999 6.1 Rafie Muhammad July 18, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field Patched CVE-2024-3190 5.4 Tim Coen May 29, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation