WordPress Unlimited Elements For Elementor plugin <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal vulnerability

Authenticated Contributor+ Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.6...

WordPress Unlimited Elements for Elementor plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Border Hero Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Border Hero Widget vulnerability discovered by zer0gh0st in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.1...

CVE-2024-10784

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Tile Gallery' widget in all versions up to, and including, 1.5.126 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-1663 Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

CVE-2024-49271

Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates unlimited-elements-for-elementor allows Command Injection.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a through =...

CVE-2024-49271

CVE-2024-49271 affects the WordPress plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates). Reports indicate an Improper Neutralization of Special Elements Used in a Template Engine leading to Remote Code Execution/Command Injection in versions

WordPress plugin Unlimited Elements For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2024-6170

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-6170

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-6166 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addonsorder’ parameter in all versions up to, and including, 1.5.112 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVE-2024-6171 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. Thi...

CVE-2024-6171

Technical details beyond the initial description are not provided in the supplied documents; monitor for updates.

CVE-2024-35674

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates unlimited-elements-for-elementor.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a through = 1.5.109...

CVE-2023-33930 WordPress Unlimited Elements For Elementor plugin <= 1.5.66 - Unrestricted Zip Extraction vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates allows Code Injection.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a through 1.5.66...

CVE-2024-4779

CVE-2024-4779 affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress. It is an SQL Injection via data[post_ids][0] caused by insufficient escaping in the query, exploitable by authenticated attackers with contributor-level access and above. Impact per the entry: ...

CVE-2024-2662 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets This makes it...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.102 - Authenticated (Admin+) Command Injection vulnerability

Authenticated Admin+ Command Injection vulnerability discovered by wesley wcraft in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 1.5.102...

CVE-2023-31090

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a through 1.5....

CVE-2023-31090

CVE-2023-31090 affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates) up to version 1.5.60. The issue is described as an Unrestricted Zip Extraction vulnerability, enabling potential code execution/unauthorized access via crafted ZIP handling. Patchstack notes fix in 1.5.61; P...