Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Unlimited Elements

Developer

1.5.152

Latest version

300,000

Installations

1 day ago

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

27 fixed

10 Mitigation rules

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.5.148
Aug 27, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.5.142
Apr 2, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget vulnerability
<= 1.5.140
Feb 19, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.5.126
Dec 12, 2024
Remote Code Execution (RCE) vulnerability
<= 1.5.121
Oct 14, 2024
Reflected Cross Site Scripting (XSS) vulnerability
<= 1.5.121
Sep 30, 2024
IP Address Spoofing to Antispam Bypass vulnerability
<= 1.5.112
Jul 9, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via 'username' vulnerability
<= 1.5.112
Jul 9, 2024
Authenticated (Contributor+) Time-Based SQL Injection vulnerability
<= 1.5.112
Jul 9, 2024
Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter vulnerability
<= 1.5.109
Jun 6, 2024
Broken Access Control vulnerability
<= 1.5.109
Jun 5, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field vulnerability
<= 1.5.107
May 29, 2024
Authenticated(Contributor+) Remote Code Execution via template import vulnerability
<= 1.5.89
May 29, 2024
Authenticated (Contributor+) SQL Injection vulnerability
<= 1.5.107
May 23, 2024
Authenticated (Contributor+) SQL Injection vulnerability
<= 1.5.102
May 10, 2024
Authenticated (Admin+) Command Injection vulnerability
<= 1.5.102
May 10, 2024
Reflected Cross-Site Scripting vulnerability
<= 1.5.102
May 10, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link vulnerability
<= 1.5.96
Apr 1, 2024
Reflected Cross Site Scripting (XSS) vulnerability
<= 1.5.93
Mar 25, 2024
Reflected Cross Site Scripting (XSS) vulnerability
< 1.5.75
Jul 18, 2023
Multiple Broken Access Control vulnerability
<= 1.5.65
Jun 20, 2023
Arbitrary File Upload vulnerability
<= 1.5.65
Jun 20, 2023
Unrestricted Zip Extraction vulnerability
<= 1.5.66
Jun 13, 2023
Unrestricted Zip Extraction vulnerability
<= 1.5.60
May 22, 2023
Cross Site Scripting (XSS)
<= 1.5.48
Jan 27, 2023
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
< 1.5.3
Feb 28, 2022
Sensitive Information Disclosure vulnerability
< 1.5.3
Feb 28, 2022