Unlimited Elements For Elementor vulnerable to Code Injection via Unrestricted File Upload

CVE-2023-33930

9.1CRITICAL

Key Information

Vendor: Unlimited Elements
Status: Unlimited Elements For Elementor (free Widgets, Addons, Templates)
Vendor: CVE Published:; 4 June 2024

Summary

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.66.

Affected Version(s)

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Jun 4, 2024
Vulnerability Reserved.
May 23, 2023

Collectors

NVD DatabaseMitre Database

Credit

Achref Ben Thameur (Patchstack Alliance)