Unlimited Elements For Elementor Free Widgets Addons Templates
Monthly
Reflected cross-site scripting in the Unlimited Elements For Elementor (Free Widgets, Addons, Templates) WordPress plugin affects all versions up to and including 2.0.12, allowing unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser session when the victim clicks a crafted link. The CVSS 3.1 score of 7.1 reflects a scope change (S:C) where injected script escapes into the victim's browser context, yielding limited confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV; the issue was reported by Patchstack.
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addons_order’ parameter in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Reflected cross-site scripting in the Unlimited Elements For Elementor (Free Widgets, Addons, Templates) WordPress plugin affects all versions up to and including 2.0.12, allowing unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser session when the victim clicks a crafted link. The CVSS 3.1 score of 7.1 reflects a scope change (S:C) where injected script escapes into the victim's browser context, yielding limited confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV; the issue was reported by Patchstack.
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addons_order’ parameter in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.