CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-31231

CVSS 9.9v3.1pub. 2023-12-20upd. 2026-04-28

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) involves the lack of proper validation of the file extension or type being uploaded. An authenticated user (even with low privileges) can upload an executable file, such as a PHP script, through the vulnerable upload mechanism of the plugin. Once such a file is placed on the server, an attacker can invoke it through a browser and execute arbitrary code in the context of the web server. The CVSS vector indicates a change in scope (Scope Changed), which means the impact may extend beyond the WordPress application itself.

Impact

An attacker can gain full control over the server through remote code execution (RCE), and can also compromise the confidentiality, integrity, and availability of data and the entire hosting environment.

Mitigation & patch

The Unlimited Elements For Elementor plugin should be immediately updated to a version higher than 1.5.65. Details regarding the patched version are available in the manufacturer's references and in the Patchstack database.

Who is affected

The Unlimited Elements For Elementor plugin (Free Widgets, Addons, Templates) in versions from the beginning up to and including 1.5.65, installed on the WordPress platform.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Unlimited Elements For Elementor

    APP
    Unlimited-Elements
    < 1.5.66
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-49271CRITICAL9.1PL ✓ten sam produkt

RCE przez Deserialization w pluginie Unlimited Elements For Elementor

CVE-2023-33930CRITICAL9.1PL ✓ten sam produkt

Nieograniczony upload plików w wtyczce Unlimited Elements For Elementor

CVE-2023-31090CRITICAL9.9PL ✓ten sam produkt

Unrestricted File Upload umożliwiający Web Shell w pluginie Unlimited Elements For Elementor

CVE-2024-45454HIGH7.1ten sam produkt

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimite...

CVE-2023-31080HIGH8.3ten sam produkt

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addo...