Unlimited Elements For Elementor vulnerable to Code Injection via Unrestricted File Upload
CVE-2023-33930

7.2HIGH

Key Information:

Vendor: Unlimited Elements
Status: Unlimited Elements For Elementor (free Widgets, Addons, Templates)
Vendor: CVE Published:; 4 June 2024

Summary

The vulnerability presents an opportunity for unauthorized file uploads, enabling potential code injection attacks on WordPress sites utilizing Unlimited Elements For Elementor. This weakness affects versions of the plugin up to 1.5.66, allowing attackers to upload files with malicious code that could compromise the security and integrity of the website. Site administrators must ensure timely updates and implement security measures to safeguard against such vulnerabilities.

Affected Version(s)

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66

References

https://patchstack.com/database/vulnerability/unlimited-e...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 4, 2024
Vulnerability Reserved
May 23, 2023

Credit

Achref Ben Thameur (Patchstack Alliance)