Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Network-reachable plugin endpoint (AV:N), no special conditions (AC:L), requires Contributor auth (PR:L), no user interaction (UI:N); arbitrary PHP upload yields RCE on the WordPress host beyond the plugin scope (S:C, C/I/A:H).
Primary rating from Vendor (Patchstack).
CVSS Vector (Vendor: Patchstack)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description (CVE.org)
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
Analysis (AI)
Arbitrary file upload in the Unlimited Elements for Elementor (Premium) WordPress plugin, versions 2.0.6 and earlier, allows authenticated users with Contributor-level privileges to upload arbitrary files, which on a PHP host means remote code execution as the web server user. The issue was reported by Patchstack and rated CVSS 9.9 (scope changed). No public exploit had been identified at the time of analysis, but the low privilege bar makes this a high-priority issue for any site that permits Contributor accounts, for example sites with open registration whose default role is Contributor, or multi-author sites with guest writers.
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Requires an authenticated WordPress account at Contributor role or higher on a target site that has the Unlimited Elements for Elementor (Premium) plugin installed and active at version 2.0.6 or earlier, and the plugin's vulnerable upload endpoint must be reachable from the attacker's network position. … |
| Risk Assessment | Multiple signals point to elevated real-world risk: CVSS 9.9 with AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H indicates a network-reachable, low-complexity flaw requiring only minimal privileges and no user interaction. Note that the scope change (S:C) is the vendor's rating convention for the plugin-to-host pivot; other sources often score the same bug S:U, which gives 8.8 for an otherwise identical vector, so do not treat the 9.9 versus 8.8 difference as a difference in exploitability. … |
| Exploit Scenario (hypothetical, derived from CVE metadata) | An attacker registers or compromises a Contributor account on a WordPress site running Unlimited Elements for Elementor (Premium) <= 2.0.6, then submits a crafted upload request to the plugin's file-handling endpoint containing a PHP payload, either named outright with an executable extension or disguised behind a harmless-looking one. The file lands in a web-accessible directory and is fetched directly to execute arbitrary code as the web server user, giving the attacker full WordPress takeover and a foothold on the underlying host. … |
| Remediation | A patch is available per the vendor advisory. Consult the Patchstack entry at https://patchstack.com/database/wordpress/plugin/unlimited-elements-for-elementor-premium/vulnerability/wordpress-unlimited-elements-for-elementor-premium-plugin-1-4-72-arbitrary-file-upload-vulnerability for the exact fixed release, and upgrade Unlimited Elements for Elementor (Premium) beyond 2.0.6 on every WordPress site that uses it. The slug of that URL references 1.4.72, which does not match the 2.0.6 ceiling stated here, so confirm the affected and fixed versions on the advisory itself rather than relying on either number alone. … |
Recommended Action (AI)
Within 24 hours: Audit WordPress installations for Unlimited Elements for Elementor (Premium) v2.0.6 or earlier; restrict creation of new Contributor accounts (disable open registration, or lower the default new-user role) and document all existing contributors. …
EUVD entry: EUVD-2026-37668