🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Information

Software Type	Plugin
Software Slug	unlimited-elements-for-elementor (view on wordpress.org)
Software Status	Active
Software Author	unitecms
Software Website	unlimited-elements.com
Software Downloads	9,187,300
Software Active Installs	200,000
Software Record Last Updated	July 27, 2024

Showing 1-20 of 21 Vulnerabilities

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass

5.3

CVE-2024-6171

Jul 8, 2024

Researcher: shaman0x01

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email'

6.4

CVE-2024-6170

Jul 8, 2024

Researcher: shaman0x01

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username'

6.4

CVE-2024-6169

Jul 8, 2024

Researcher: shaman0x01

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection

8.8

CVE-2024-6166

Jul 8, 2024

Researcher: shaman0x01

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter

8.8

CVE-2024-5329

Jun 5, 2024

Researcher: shaman0x01

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Information Exposure

4.3

CVE-2024-35674

Jun 5, 2024

Researcher: Khalid

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field

5.4

CVE-2024-3190

May 29, 2024

Researcher: Tim Coen

Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import

8.8

CVE-2023-6743

May 28, 2024

Researcher: Nex Team

Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0]

8.8

CVE-2024-4779

May 22, 2024

Researcher: M.Awad

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2024-3055

May 10, 2024

Researcher: wesley (wcraft)

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection

7.2

CVE-2024-2662

May 9, 2024

Researcher: wesley (wcraft)

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting

6.1

CVE-2024-3547

May 9, 2024

Researcher: Le Ngoc Anh

Unlimited Elements For Elementor <= 1.5.96 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link

6.4

CVE-2024-0367

Mar 29, 2024

Researcher: Webbernaut

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.93 - Reflected Cross-Site Scripting

6.1

CVE-2024-29792

Mar 25, 2024

Researcher: Rafie Muhammad

Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get

6.1

CVE-2023-33999

Jul 18, 2023

Researcher: Rafie Muhammad

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.65 - Missing Authorization

6.3

CVE-2023-31080

Jun 20, 2023

Researcher: Rafie Muhammad

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVE-2023-3295

Jun 16, 2023

Researchers: Chloe Chamberland, Rafie Muhammad

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Zip Extraction to Arbitrary File Upload in File Manager

9.9

CVE-2023-33930

May 22, 2023

Researcher: Achref Ben Thameur

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.60 - Arbitrary File Upload in File Manager

9.9

CVE-2023-31090

May 22, 2023

Researcher: Rafie Muhammad

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.48 - Authenticated (Admin+) Cross Site Scripting (XSS)

4.4

CVE-2022-47170

Jan 27, 2023

Researcher: Muhammad Daffa

Title	Status	CVE ID	CVSS	Researchers	Date
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass	Patched	CVE-2024-6171	5.3	shaman0x01	July 8, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email'	Patched	CVE-2024-6170	6.4	shaman0x01	July 8, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username'	Patched	CVE-2024-6169	6.4	shaman0x01	July 8, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection	Patched	CVE-2024-6166	8.8	shaman0x01	July 8, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter	Patched	CVE-2024-5329	8.8	shaman0x01	June 5, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Information Exposure	Patched	CVE-2024-35674	4.3	Khalid	June 5, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field	Patched	CVE-2024-3190	5.4	Tim Coen	May 29, 2024
Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import	Patched	CVE-2023-6743	8.8	Nex Team	May 28, 2024
Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0]	Patched	CVE-2024-4779	8.8	M.Awad	May 22, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection	Patched	CVE-2024-3055	8.8	wesley (wcraft)	May 10, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection	Patched	CVE-2024-2662	7.2	wesley (wcraft)	May 9, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting	Patched	CVE-2024-3547	6.1	Le Ngoc Anh	May 9, 2024
Unlimited Elements For Elementor <= 1.5.96 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link	Patched	CVE-2024-0367	6.4	Webbernaut	March 29, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.93 - Reflected Cross-Site Scripting	Patched	CVE-2024-29792	6.1	Rafie Muhammad	March 25, 2024
Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get	Patched	CVE-2023-33999	6.1	Rafie Muhammad	July 18, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.65 - Missing Authorization	Patched	CVE-2023-31080	6.3	Rafie Muhammad	June 20, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload	Patched	CVE-2023-3295	8.8	Chloe Chamberland, Rafie Muhammad	June 16, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Zip Extraction to Arbitrary File Upload in File Manager	Patched	CVE-2023-33930	9.9	Achref Ben Thameur	May 22, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.60 - Arbitrary File Upload in File Manager	Patched	CVE-2023-31090	9.9	Rafie Muhammad	May 22, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.48 - Authenticated (Admin+) Cross Site Scripting (XSS)	Patched	CVE-2022-47170	4.4	Muhammad Daffa	January 27, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation