The Unlimited Elements For Elementor plugin (which includes Free Widgets, Addons, and Templates) for WordPress is vulnerable to a type of security threat known as arbitrary file uploads. This type of vulnerability is due to the lack of validating the file type of files within zip files in the File Manager functionality for versions 1.5.60 and below. This means that an attacker who has a Contributor-level permission or higher can upload arbitrary files to the server of the affected website, which could potentially lead to remote code execution.