Unlimited Elements For Elementor Vulnerable to Cross-site Scripting Attacks
CVE-2024-29792

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Unlimited Elements For Elementor (free Widgets, Addons, Templates)
Vendor: CVE Published:; 27 March 2024

Summary

An improper neutralization of input during web page generation vulnerability has been identified in the Unlimited Elements for Elementor, a plugin used for enhancing WordPress sites. This security issue allows for reflected cross-site scripting (XSS) attacks, posing potential risks to end-users and site integrity. Malicious actors can exploit this vulnerability by crafting specific inputs that could be executed in the browsers of unsuspecting users. The vulnerable versions range from n/a to 1.5.93, making it crucial for users to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.93

References

https://patchstack.com/database/vulnerability/unlimited-e...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Mar 19, 2024

Credit

Rafie Muhammad (Patchstack)