Unlimited Elements For Elementor

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Unlimited Elements For Elementor

Information

Software Type Plugin
Software Slug unlimited-elements-for-elementor (view on wordpress.org)
Software Status Active
Software Author unitecms
Software Website unlimited-elements.com
Software Downloads 14,978,746
Software Active Installs 300,000
Software Record Last Updated June 18, 2026

Showing 1-20 of 35 Vulnerabilities

Submit a Vulnerability
Unlimited Elements For Elementor <= 2.0.8 - Authenticated (Contributor+) SQL Injection
6.5
CVE-2026-48837
May 26, 2026
Researcher: daroo
Unlimited Elements For Elementor <= 2.0.7 - Authenticated (Contributor+) SQL Injection via 'filter_search' Parameter
6.5
CVE-2026-5486
May 13, 2026
Researcher: Nguyen Truong (Roll)
Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter
6.1
CVE-2024-13362
Apr 30, 2026
Researcher: Asaf Mozes
Unlimited Elements For Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal
7.5
CVE-2026-4659
Apr 16, 2026
Researcher: Dmitrii Ignatyev
Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields
7.2
CVE-2026-2724
Mar 9, 2026
Researchers: Athiwat Tiprasaharn (Jitlada), Itthidej Aramsri (Boeing777), Tharadol Suksamran (d3kc4rt_1)
Unlimited Elements for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Border Hero Widget
5.4
CVE-2025-14274
Feb 2, 2026
Researcher: zer0gh0st
Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
7.2
CVE-2025-13692
Nov 26, 2025
Researchers: 0xd4rk5id3, Abdulsamad Yusuf (0xVenus)
Unlimited Elements For Elementor <= 1.5.148 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-8603
Aug 27, 2025
Researcher: Webbernaut
Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-1663
Apr 2, 2025
Researcher: zer0gh0st
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.140 - Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget
6.4
CVE-2024-13155
Feb 19, 2025
Researcher: zer0gh0st
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
6.4
CVE-2024-13153
Jan 8, 2025
Researcher: Webbernaut
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.126 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-10784
Dec 11, 2024
Researcher: zer0gh0st
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.121 - Authenticated (Editor+) Remote Code Execution
7.2
CVE-2024-49271
Oct 14, 2024
Researcher: Hakiduck
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.121 - Reflected Cross-Site Scripting
6.1
CVE-2024-45454
Sep 30, 2024
Researcher: Rafie Muhammad
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection
8.8
CVE-2024-6166
Jul 8, 2024
Researcher: shaman0x01
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass
5.3
CVE-2024-6171
Jul 8, 2024
Researcher: shaman0x01
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email'
6.4
CVE-2024-6170
Jul 8, 2024
Researcher: shaman0x01
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username'
6.4
CVE-2024-6169
Jul 8, 2024
Researcher: shaman0x01
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter
8.8
CVE-2024-5329
Jun 5, 2024
Researcher: shaman0x01
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Information Exposure
4.3
CVE-2024-35674
Jun 5, 2024
Researcher: Khalid
Title Status CVE ID CVSS Researchers Date
Unlimited Elements For Elementor <= 2.0.8 - Authenticated (Contributor+) SQL Injection Patched CVE-2026-48837 6.5 daroo May 26, 2026
Unlimited Elements For Elementor <= 2.0.7 - Authenticated (Contributor+) SQL Injection via 'filter_search' Parameter Patched CVE-2026-5486 6.5 Nguyen Truong (Roll) May 13, 2026
Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter Patched CVE-2024-13362 6.1 Asaf Mozes April 30, 2026
Unlimited Elements For Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal Patched CVE-2026-4659 7.5 Dmitrii Ignatyev April 16, 2026
Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields Patched CVE-2026-2724 7.2 Athiwat Tiprasaharn (Jitlada), Itthidej Aramsri (Boeing777), Tharadol Suksamran (d3kc4rt_1) March 9, 2026
Unlimited Elements for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Border Hero Widget Patched CVE-2025-14274 5.4 zer0gh0st February 2, 2026
Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload Patched CVE-2025-13692 7.2 0xd4rk5id3, Abdulsamad Yusuf (0xVenus) November 26, 2025
Unlimited Elements For Elementor <= 1.5.148 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2025-8603 6.4 Webbernaut August 27, 2025
Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2025-1663 6.4 zer0gh0st April 2, 2025
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.140 - Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget Patched CVE-2024-13155 6.4 zer0gh0st February 19, 2025
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets Patched CVE-2024-13153 6.4 Webbernaut January 8, 2025
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.126 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-10784 6.4 zer0gh0st December 11, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.121 - Authenticated (Editor+) Remote Code Execution Patched CVE-2024-49271 7.2 Hakiduck October 14, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.121 - Reflected Cross-Site Scripting Patched CVE-2024-45454 6.1 Rafie Muhammad September 30, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection Patched CVE-2024-6166 8.8 shaman0x01 July 8, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass Patched CVE-2024-6171 5.3 shaman0x01 July 8, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email' Patched CVE-2024-6170 6.4 shaman0x01 July 8, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username' Patched CVE-2024-6169 6.4 shaman0x01 July 8, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter Patched CVE-2024-5329 8.8 shaman0x01 June 5, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Information Exposure Patched CVE-2024-35674 4.3 Khalid June 5, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation