CVE-2024-35674

Published: Jun 5, 2024Modified: Apr 23, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through <= 1.5.109.

Affected (1)

Products: Unlimited Elements: Unlimited Elements For Elementor

Unlimited Elements

1 product

Unlimited Elements For Elementor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Unlimited Elements Unlimited Elements For Elementor	Before 1.5.110

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://patchstack.com/database/Wordpress/Plugin/unlimited-elements-for-elementor/vulnerability/wordpress-unlimited-elements-for-elementor-plugin-1-5-109-broken-access-control-vulnerability?_s_id=cve

Source: audit@patchstack.com

https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-109-broken-access-control-vulnerability?_s_id=cve

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.