Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Unlimited Elements

Developer

2.0.6

Latest version

300,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

32 patched

12 Mitigation rules

Unauthenticated Stored Cross-Site Scripting via Form Entry Fields vulnerability
<= 2.0.5
11/03/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via Border Hero Widget vulnerability
<= 2.0.1
02/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via 'email' vulnerability
<= 1.5.112
02/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
<= 1.5.135
31/12/2025
Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability
<= 2.0
27/11/2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.5.148
27/08/2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.5.142
02/04/2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget vulnerability
<= 1.5.140
19/02/2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.5.126
12/12/2024
Remote Code Execution (RCE) vulnerability
<= 1.5.121
14/10/2024
Reflected Cross Site Scripting (XSS) vulnerability
<= 1.5.121
30/09/2024
IP Address Spoofing to Antispam Bypass vulnerability
<= 1.5.112
09/07/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via 'username' vulnerability
<= 1.5.112
09/07/2024
Authenticated (Contributor+) Time-Based SQL Injection vulnerability
<= 1.5.112
09/07/2024
Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter vulnerability
<= 1.5.109
06/06/2024
Broken Access Control vulnerability
<= 1.5.109
05/06/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field vulnerability
<= 1.5.107
29/05/2024
Authenticated(Contributor+) Remote Code Execution via template import vulnerability
<= 1.5.89
29/05/2024
Authenticated (Contributor+) SQL Injection vulnerability
<= 1.5.107
23/05/2024
Authenticated (Contributor+) SQL Injection vulnerability
<= 1.5.102
10/05/2024
Authenticated (Admin+) Command Injection vulnerability
<= 1.5.102
10/05/2024
Reflected Cross-Site Scripting vulnerability
<= 1.5.102
10/05/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link vulnerability
<= 1.5.96
01/04/2024
Reflected Cross Site Scripting (XSS) vulnerability
<= 1.5.93
25/03/2024
Reflected Cross Site Scripting (XSS) vulnerability
< 1.5.75
18/07/2023
Multiple Broken Access Control vulnerability
<= 1.5.65
20/06/2023
Arbitrary File Upload vulnerability
<= 1.5.65
20/06/2023
Unrestricted Zip Extraction vulnerability
<= 1.5.66
13/06/2023
Unrestricted Zip Extraction vulnerability
<= 1.5.60
22/05/2023
Cross Site Scripting (XSS)
<= 1.5.48
27/01/2023
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
< 1.5.3
28/02/2022
Sensitive Information Disclosure vulnerability
< 1.5.3
28/02/2022