Unitecms Unlimited Elements For Elementor
25 CVEs affecting Unitecms Unlimited Elements For Elementor. Latest disclosed: 2026-05-14. Critical: 0, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-6166 | High | 8.8 | 2024-07-09 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addons_order’ pa… |
CVE-2024-5329 | High | 8.8 | 2024-06-06 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parame… |
CVE-2023-6743 | High | 8.8 | 2024-05-29 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and i… |
CVE-2024-4779 | High | 8.8 | 2024-05-23 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ‘data[post_ids][0]’ paramete… |
CVE-2024-3055 | High | 8.8 | 2024-05-10 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in… |
CVE-2023-3295 | High | 8.8 | 2023-06-17 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validatio… |
CVE-2026-4659 | High | 7.5 | 2026-04-17 | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and i… |
CVE-2026-2724 | High | 7.2 | 2026-03-10 | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and inc… |
CVE-2025-13692 | High | 7.2 | 2025-11-27 | The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and includin… |
CVE-2024-2662 | High | 7.2 | 2024-05-10 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and inclu… |
CVE-2026-5486 | Medium | 6.5 | 2026-05-14 | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX act… |
CVE-2025-8603 | Medium | 6.4 | 2025-08-28 | The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including… |
CVE-2025-1663 | Medium | 6.4 | 2025-04-03 | The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including… |
CVE-2024-13155 | Medium | 6.4 | 2025-02-20 | The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget in all ve… |
CVE-2024-13153 | Medium | 6.4 | 2025-01-09 | The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and includin… |
CVE-2024-10784 | Medium | 6.4 | 2024-12-12 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Tile Gallery'… |
CVE-2024-6169 | Medium | 6.4 | 2024-07-09 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ par… |
CVE-2024-6170 | Medium | 6.4 | 2024-07-09 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parame… |
CVE-2024-0367 | Medium | 6.4 | 2024-03-30 | The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget (e.g., 'Button… |
CVE-2022-4974 | Medium | 6.3 | 2024-10-16 | The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to… |