Unlimited Elements For Elementor Premium
Monthly
Arbitrary file upload in the Unlimited Elements for Elementor (Premium) WordPress plugin versions 2.0.6 and earlier allows authenticated users with Contributor-level privileges to upload arbitrary files, leading to remote code execution on the underlying WordPress host. Reported by Patchstack and rated CVSS 9.9 with a scope-changing impact, no public exploit identified at time of analysis but the low privilege bar makes this a high-priority issue for any site that permits Contributor accounts.
Arbitrary file upload in the Unlimited Elements for Elementor (Premium) WordPress plugin versions 2.0.6 and earlier allows authenticated users with Contributor-level privileges to upload arbitrary files, leading to remote code execution on the underlying WordPress host. Reported by Patchstack and rated CVSS 9.9 with a scope-changing impact, no public exploit identified at time of analysis but the low privilege bar makes this a high-priority issue for any site that permits Contributor accounts.