CVE-2023-33930 CRITICAL

CVE-2023-33930: WordPress Unlimited Elements For Elementor plugin <= 1.5.66 - Unrestricted Zip Extraction vulnerability

Vendor Unlimited Elements
Product Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Weakness CWE-434 · Unrestricted file upload
Published June 4, 2024
Last update April 28, 2026

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.66.

Key dates

02Disclosure timeline

June 4, 2024 CVE published
April 28, 2026 Record updated