← volver
CVE-2023-6743

Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import

CVSS 8.8 HIGHEPSS 1.3%CWE-1336
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
unitecms · Unlimited Elements For Elementor

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_output.class.php#L1765https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/core/plugins/unlimited_elements/elementor/elementor_widget.class.php#L3948https://plugins.trac.wordpress.org/changeset/3010986/unlimited-elements-for-elementor#file6https://plugins.trac.wordpress.org/changeset/3015166/unlimited-elements-for-elementorhttps://www.wordfence.com/threat-intel/vulnerabilities/id/25f71a19-85b1-4bc9-b193-d9de2eba81ee?source=cve