Documentation: Home / Vulnerabilities / Input validation vulnerability in Unlimited Elements For Elementor (Free Widgets, Addons, Templates) 1.5.112

Latest

Input validation vulnerability in Unlimited Elements For Elementor (Free Widgets, Addons, Templates) 1.5.112

CVE-2024-6166

Severity: high-risk
Status: Fixed
Publication: July 8, 2024

The Unlimited Elements For Elementor plugin for WordPress has a security issue that could allow hackers to access sensitive information from the database. This vulnerability is caused by a lack of proper protection on a specific parameter called ‘addons_order’ and the way the SQL query is prepared. Attackers with Contributor-level access or higher and permission to edit plugin settings could potentially add their own SQL queries to the existing ones, putting the website at risk.

Detected in:

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) fixed vulnerable versions: >= * <= 1.5.112

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Latest

404 not found errors

Protecting site visitors with Security Headers

Hardening your website’s security

Login protection as essential security

Why WordPress is (in)secure

Staying ahead of vulnerabilities

Input validation vulnerability in Unlimited Elements For Elementor (Free Widgets, Addons, Templates) 1.5.112

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles