High severity7.2NVD Advisory· Published May 14, 2024· Updated Apr 8, 2026
CVE-2024-2662
CVE-2024-2662
Description
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets This makes it possible for authenticated attackers, with administrator-level access and above, to execute arbitrary commands on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:unlimited-elements:unlimited_elements_for_elementor:*:*:*:*:*:wordpress:*:*+ 1 more
- cpe:2.3:a:unlimited-elements:unlimited_elements_for_elementor:*:*:*:*:*:wordpress:*:*range: <1.5.103
- (no CPE)range: <=1.5.102
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.