CRITICALβœ“ PATCHπŸ‡΅πŸ‡± Wersja polska

CVE-2023-31090

CVSS 9.9v3.1pub. 2024-04-24upd. 2026-04-28

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60.

πŸ€– AI Analysis
How it works

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and results from insufficient validation of file types uploaded through the plugin's functionality. An attacker with basic user privileges (PR:L) can upload a malicious file β€” such as a web shell β€” directly to the web server. Once the file is placed on the server, it can be executed remotely by directly referencing the uploaded resource.

Impact

An attacker can gain full control over the web server through arbitrary code execution (RCE) via an uploaded web shell, resulting in violation of system confidentiality, integrity, and availability, as well as potentially the entire infrastructure (scope S:C).

Mitigation & patch

The Unlimited Elements For Elementor plugin should be updated immediately to a version higher than 1.5.60. Details regarding the version containing the patch are available in the vendor references and in the Patchstack database.

Who is affected

WordPress plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) in versions from the beginning through 1.5.60 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Unlimited Elements For Elementor

    APP
    Unlimited-Elements
    < 1.5.61
🟒
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-49271CRITICAL9.1PL βœ“ten sam produkt

RCE przez Deserialization w pluginie Unlimited Elements For Elementor

CVE-2023-33930CRITICAL9.1PL βœ“ten sam produkt

Nieograniczony upload plikΓ³w w wtyczce Unlimited Elements For Elementor

CVE-2023-31231CRITICAL9.9PL βœ“ten sam produkt

Unrestricted File Upload w wtyczce Unlimited Elements For Elementor

CVE-2024-45454HIGH7.1ten sam produkt

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimite...

CVE-2023-31080HIGH8.3ten sam produkt

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addo...

CVE-2023-31090 β€” Unlimited-Elements β€” Unlimited Elements For Elementor β€” CRITICAL β€” CVSS 9.9 | CVEbaza.pl