VYPR
Vendor

Unlimited Elements

Products
3
CVEs
30
Across products
36
Status
Private

Products

3

Recent CVEs

30
View all 30 CVEs →
  • CVE-2023-31090CriApr 24, 2024
    risk 0.64cvss 9.9epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates):…

  • CVE-2023-31231CriDec 20, 2023
    risk 0.64cvss 9.9epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.

  • CVE-2024-49271CriOct 16, 2024
    risk 0.59cvss 9.1epss 0.01

    Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Command Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons,…

  • CVE-2024-5329HigJun 6, 2024
    risk 0.57cvss 8.8epss 0.01

    The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and…

  • CVE-2024-3055HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2024-1710HigFeb 26, 2024
    risk 0.57cvss 8.8epss 0.01

    The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2023-6743HigMay 29, 2024
    risk 0.51cvss 8.8epss 0.01

    The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with…

  • CVE-2024-6166HigJul 9, 2024
    risk 0.50cvss 8.8epss 0.01

    The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addons_order’ parameter in all versions up to, and including, 1.5.112 due to insufficient escaping on the user supplied parameter…

  • CVE-2024-4779HigMay 23, 2024
    risk 0.50cvss 8.8epss 0.00

    The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack…

  • CVE-2026-4659HigApr 17, 2026
    risk 0.49cvss 7.5epss 0.01

    The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative() and urlToPath()…

  • CVE-2024-29792HigMar 27, 2024
    risk 0.47cvss 7.1epss 0.01

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor.This issue affects Unlimited Elements For Elementor (Free…

  • CVE-2024-45454HigOct 6, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Reflected XSS.This issue affects Unlimited Elements…

  • CVE-2025-8603MedAug 28, 2025
    risk 0.42cvss 6.4epss 0.00

    The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.148 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-13153MedJan 9, 2025
    risk 0.42cvss 6.4epss 0.00

    The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-0367MedMar 30, 2024
    risk 0.42cvss 6.4epss 0.00

    The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget (e.g., 'Button Link') in all versions up to, and including, 1.5.96 due to insufficient input sanitization and output escaping on user…

  • CVE-2026-2724HigMar 10, 2026
    risk 0.40cvss 7.2epss 0.00

    The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficient input sanitization and output escaping on form submission data displayed in…

  • CVE-2025-13692HigNov 27, 2025
    risk 0.40cvss 7.2epss 0.00

    The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers…

  • CVE-2024-2662HigMay 14, 2024
    risk 0.40cvss 7.2epss 0.02

    The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom…

  • CVE-2024-6170MedJul 9, 2024
    risk 0.35cvss 6.4epss 0.00

    The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-6169MedJul 9, 2024
    risk 0.35cvss 6.4epss 0.01

    The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping.…