Vulnerabilities > Unlimited Elements > Unlimited Elements FOR Elementor > 1.5.116
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-03 | CVE-2025-1663 | Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-20 | CVE-2024-13155 | Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget in all versions up to, and including, 1.5.140 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-16 | CVE-2024-49271 | Code Injection vulnerability in Unlimited-Elements Unlimited Elements for Elementor : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows : Command Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121. | 7.2 |
| 2024-10-06 | CVE-2024-45454 | Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121. | 6.1 |