Unlimited Elements For Elementor vulnerable to Code Injection via Unrestricted File Upload
CVE-2023-33930
7.2HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 4 June 2024
What is CVE-2023-33930?
The vulnerability presents an opportunity for unauthorized file uploads, enabling potential code injection attacks on WordPress sites utilizing Unlimited Elements For Elementor. This weakness affects versions of the plugin up to 1.5.66, allowing attackers to upload files with malicious code that could compromise the security and integrity of the website. Site administrators must ensure timely updates and implement security measures to safeguard against such vulnerabilities.
Affected Version(s)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66