CVE-2023-6743
Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server.
| CWE | CWE-1336 |
| Vendor | unitecms |
| Product | unlimited elements for elementor |
| Published | May 29, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for unitecms unlimited elements for elementor
Be the first to know when new high vulnerabilities affecting unitecms unlimited elements for elementor are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
unitecms / Unlimited Elements For Elementor
0 โค 1.5.89
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/25f71a19-85b1-4bc9-b193-d9de2eba81ee?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_output.class.php#L1765 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/core/plugins/unlimited_elements/elementor/elementor_widget.class.php#L3948 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3010986/unlimited-elements-for-elementor#file6 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3015166/unlimited-elements-for-elementor
Credits
Nex Team