Arbitrary File Upload Vulnerability in Unlimited Elements for Elementor Product by Unlimited Elements
CVE-2026-27041

9.9CRITICAL

What is CVE-2026-27041?

The Unlimited Elements for Elementor (Premium) plugin enables arbitrary file uploads due to insufficient validation mechanisms. This vulnerability allows attackers to upload malicious files to the server, potentially leading to unauthorized actions or exposure of sensitive data. Users of the plugin, particularly those on version 2.0.6 and below, should seek immediate updates to mitigate the risk and ensure the security of their WordPress installations.

Affected Version(s)

Unlimited Elements for Elementor (Premium) <= 2.0.6

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phat RiO | Patchstack Bug Bounty Program
.