Unlimited Elements For Elementor vulnerable to Code Injection via Unrestricted File Upload
CVE-2023-33930

7.2HIGH

Key Information:

Vendor: WordPress
Status: Unlimited Elements For Elementor (free Widgets, Addons, Templates)
Vendor: CVE Published:; 4 June 2024

What is CVE-2023-33930?

The vulnerability presents an opportunity for unauthorized file uploads, enabling potential code injection attacks on WordPress sites utilizing Unlimited Elements For Elementor. This weakness affects versions of the plugin up to 1.5.66, allowing attackers to upload files with malicious code that could compromise the security and integrity of the website. Site administrators must ensure timely updates and implement security measures to safeguard against such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66

References

https://patchstack.com/database/vulnerability/unlimited-e...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 4, 2024
Vulnerability Reserved
May 23, 2023

Credit

Achref Ben Thameur (Patchstack Alliance)

JSON

WordPress

What is CVE-2023-33930?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.