CVE-2023-31231 CRITICAL

CVE-2023-31231: WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.65 is vulnerable to Arbitrary File Upload

Vendor Unlimited Elements
Product Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Weakness CWE-434 · Unrestricted file upload
Published December 20, 2023
Last update April 28, 2026

CVSS base score

9.9/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.

Key dates

02Disclosure timeline

December 20, 2023 CVE published
April 28, 2026 Record updated