Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Unlimited Elements For Elementor — Vulnerabilities & Security Advisories 23

All 23 CVE vulnerabilities found in Unlimited Elements For Elementor, with AI-generated Chinese analysis, references, and POCs.

This page aggregates known security weaknesses for the Unlimited Elements For Elementor WordPress plugin, classified under the vendor-specific vulnerability tag for this widely used page builder extension. The collection encompasses a comprehensive range of vulnerability types, including Cross-Site Scripting (XSS), Unauthenticated Access, and Improper Access Control issues, covering disclosed incidents from early plugin releases through recent updates. Users can utilize this resource to track the vendor’s security advisories, understand the prevalence and nature of specific weakness classes within the Elementor ecosystem, and look up the product’s historical vulnerability profile to assess long-term security posture. By centralizing these data points, the page serves as a reference for developers, security auditors, and site administrators aiming to identify potential risks associated with this specific tool. The information highlights how different flaw categories impact the plugin’s functionality and security integrity over time, providing context on the evolution of its codebase safety. This structured overview helps in prioritizing patching efforts and understanding the broader security landscape for WordPress extensions that interact with the Elementor framework, ensuring that stakeholders have a clear view of past and present threats without relying on fragmented reports.

Vendor: unitecms

CVE IDTitleCVSSSeverityPublished
CVE-2026-48837 WordPress Unlimited Elements For Elementor plugin <= 2.0.8 - SQL Injection vulnerability CWE-89 8.5 High2026-05-25
CVE-2026-5486 Unlimited Elements For Elementor <= 2.0.7 - Authenticated (Contributor+) SQL Injection via 'filter_search' Parameter CWE-89 6.5 Medium2026-05-14
CVE-2026-4659 Unlimited Elements For Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal CWE-22 7.5 High2026-04-17
CVE-2026-2724 Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields CWE-79 7.2 High2026-03-10
CVE-2025-14274 Unlimited Elements for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Border Hero Widget CWE-79 5.4 Medium2026-02-03
CVE-2025-8603 Unlimited Elements For Elementor <= 1.5.148 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-08-28
CVE-2025-1663 Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-04-03
CVE-2024-13155 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.140 - Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget CWE-79 6.4 Medium2025-02-20
CVE-2024-13153 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CWE-79 6.4 Medium2025-01-09
CVE-2024-10784 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.126 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-12-12
CVE-2024-6170 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email' CWE-79 6.4 Medium2024-07-09
CVE-2024-6169 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username' CWE-79 6.4 Medium2024-07-09
CVE-2024-6166 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection CWE-89 8.8 High2024-07-09
CVE-2024-6171 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass CWE-348 5.3 Medium2024-07-09
CVE-2024-5329 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter CWE-89 8.8 High2024-06-06
CVE-2024-3190 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field CWE-79 5.4 Medium2024-05-30
CVE-2023-6743 Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import CWE-1336 8.8 High2024-05-29
CVE-2024-4779 Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0] CWE-89 8.8 High2024-05-23
CVE-2024-3055 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection CWE-89 8.8 High2024-05-10
CVE-2024-3547 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2024-05-10
CVE-2024-2662 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection CWE-78 7.2 High2024-05-10
CVE-2024-0367 Unlimited Elements For Elementor <= 1.5.96 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link CWE-79 6.4 Medium2024-03-30
CVE-2023-3295 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload CWE-434 8.8 High2023-06-17

All 23 known CVE vulnerabilities affecting Unlimited Elements For Elementor with full Chinese analysis, references, and POCs where available.