CVE-2023-33930

CRITICAL

Unlimited Elements For Elementor <1.5.66 - Code Injection

Title source: llm

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.66.

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-66-unrestricted-zip-extraction-vulnerability?_s_id=cve

Scores

CVSS v3 9.1

EPSS 0.0084

EPSS Percentile 74.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (2)

Unlimited Elements/Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.66

unlimited-elements/unlimited_elements_for_elementor < 1.5.67

Published Jun 04, 2024

Tracked Since Feb 18, 2026