Arbitrary File Upload Vulnerability in Unlimited Elements for Elementor Product by Unlimited Elements
CVE-2026-27041
9.9CRITICAL
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 17 June 2026
What is CVE-2026-27041?
The Unlimited Elements for Elementor (Premium) plugin enables arbitrary file uploads due to insufficient validation mechanisms. This vulnerability allows attackers to upload malicious files to the server, potentially leading to unauthorized actions or exposure of sensitive data. Users of the plugin, particularly those on version 2.0.6 and below, should seek immediate updates to mitigate the risk and ensure the security of their WordPress installations.
Affected Version(s)
Unlimited Elements for Elementor (Premium) <= 2.0.6