CVE-2024-49271

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.121 - Remote Code Execution (RCE) vulnerability

Description

: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows : Command Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121.

Remediation

Solution:

Update to 1.5.122 or a higher version.

References

Link	Tags
https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-free-widgets-addons-templates-plugin-1-5-121-remote-code-execution-rce-vulnerability?_s_id=cve	third party advisory vdb entry

Frequently Asked Questions

What is the severity of CVE-2024-49271?: CVE-2024-49271 has been scored as a critical severity vulnerability.
How to fix CVE-2024-49271?: To fix CVE-2024-49271: Update to 1.5.122 or a higher version.
Is CVE-2024-49271 being actively exploited in the wild?: It is possible that CVE-2024-49271 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~3% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-49271?: CVE-2024-49271 affects Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).

Description

Remediation

Categories

CWE-1336 – Improper Neutralization of Special Elements Used in a Template Engine

CWE-94 – Improper Control of Generation of Code ('Code Injection')

References

Frequently Asked Questions