Skip to main content

Unlimited Elements For Elementor Free Widgets Addons Templates

5 CVEs product

Monthly

CVE-2026-57718 HIGH This Week

Reflected cross-site scripting in the Unlimited Elements For Elementor (Free Widgets, Addons, Templates) WordPress plugin affects all versions up to and including 2.0.12, allowing unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser session when the victim clicks a crafted link. The CVSS 3.1 score of 7.1 reflects a scope change (S:C) where injected script escapes into the victim's browser context, yielding limited confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV; the issue was reported by Patchstack.

XSS Unlimited Elements For Elementor Free Widgets Addons Templates
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-6171 MEDIUM PATCH This Month

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Unlimited Elements For Elementor Free Widgets Addons Templates Elementor
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-6170 MEDIUM POC PATCH This Month

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Unlimited Elements For Elementor Free Widgets Addons Templates Elementor
NVD GitHub
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-6169 MEDIUM POC PATCH This Month

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Unlimited Elements For Elementor Free Widgets Addons Templates Elementor
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-6166 HIGH PATCH This Week

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addons_order’ parameter in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Unlimited Elements For Elementor Free Widgets Addons Templates Elementor
NVD
CVSS 3.1
8.8
EPSS
0.9%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the Unlimited Elements For Elementor (Free Widgets, Addons, Templates) WordPress plugin affects all versions up to and including 2.0.12, allowing unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser session when the victim clicks a crafted link. The CVSS 3.1 score of 7.1 reflects a scope change (S:C) where injected script escapes into the victim's browser context, yielding limited confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV; the issue was reported by Patchstack.

XSS Unlimited Elements For Elementor Free Widgets Addons Templates
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Unlimited Elements For Elementor Free Widgets Addons Templates +1
NVD
EPSS 1% CVSS 6.4
MEDIUM POC PATCH This Month

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Unlimited Elements For Elementor Free Widgets Addons Templates +1
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM POC PATCH This Month

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Unlimited Elements For Elementor Free Widgets Addons Templates +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addons_order’ parameter in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Unlimited Elements For Elementor Free Widgets Addons Templates +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy