WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.65 is vulnerable to Arbitrary File Upload
CVE-2023-31231

9.9CRITICAL

Key Information:

Vendor: WordPress
Status: Unlimited Elements For Elementor (free Widgets, Addons, Templates)
Vendor: CVE Published:; 20 December 2023

What is CVE-2023-31231?

A vulnerability exists in the Unlimited Elements For Elementor plugin, allowing users to upload files of dangerous types without restrictions. This could potentially lead to unauthorized file execution, exposing sites to significant security risks. The affected versions range from the initial release through 1.5.65, making it crucial for users to assess their installations and mitigate potential threats.

Affected Version(s)

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.65

References

https://patchstack.com/database/vulnerability/unlimited-e...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Apr 26, 2023

Credit

Rafie Muhammad (Patchstack)

CVE-2023-31231 Data

JSON