Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Unlimited Elements

Developer

2.0.1

Latest version

300,000

Installations

Nov 26, 2025

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

28 fixed

11 Mitigation rules

Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability
<= 2.0
Nov 27, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.5.148
Aug 27, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.5.142
Apr 2, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget vulnerability
<= 1.5.140
Feb 19, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.5.126
Dec 12, 2024
Remote Code Execution (RCE) vulnerability
<= 1.5.121
Oct 14, 2024
Reflected Cross Site Scripting (XSS) vulnerability
<= 1.5.121
Sep 30, 2024
IP Address Spoofing to Antispam Bypass vulnerability
<= 1.5.112
Jul 9, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via 'username' vulnerability
<= 1.5.112
Jul 9, 2024
Authenticated (Contributor+) Time-Based SQL Injection vulnerability
<= 1.5.112
Jul 9, 2024
Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter vulnerability
<= 1.5.109
Jun 6, 2024
Broken Access Control vulnerability
<= 1.5.109
Jun 5, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field vulnerability
<= 1.5.107
May 29, 2024
Authenticated(Contributor+) Remote Code Execution via template import vulnerability
<= 1.5.89
May 29, 2024
Authenticated (Contributor+) SQL Injection vulnerability
<= 1.5.107
May 23, 2024
Authenticated (Contributor+) SQL Injection vulnerability
<= 1.5.102
May 10, 2024
Authenticated (Admin+) Command Injection vulnerability
<= 1.5.102
May 10, 2024
Reflected Cross-Site Scripting vulnerability
<= 1.5.102
May 10, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link vulnerability
<= 1.5.96
Apr 1, 2024
Reflected Cross Site Scripting (XSS) vulnerability
<= 1.5.93
Mar 25, 2024
Reflected Cross Site Scripting (XSS) vulnerability
< 1.5.75
Jul 18, 2023
Multiple Broken Access Control vulnerability
<= 1.5.65
Jun 20, 2023
Arbitrary File Upload vulnerability
<= 1.5.65
Jun 20, 2023
Unrestricted Zip Extraction vulnerability
<= 1.5.66
Jun 13, 2023
Unrestricted Zip Extraction vulnerability
<= 1.5.60
May 22, 2023
Cross Site Scripting (XSS)
<= 1.5.48
Jan 27, 2023
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
< 1.5.3
Feb 28, 2022
Sensitive Information Disclosure vulnerability
< 1.5.3
Feb 28, 2022