Does Unlimited Elements For Elementor have any unpatched vulnerabilities?

No. All known vulnerabilities in Unlimited Elements For Elementor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Unlimited Elements For Elementor compatible with WordPress 6.9.4?

According to WordPress.org data, Unlimited Elements For Elementor 2.0.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Unlimited Elements For Elementor compatible with PHP 7.4+?

Unlimited Elements For Elementor requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Unlimited Elements For Elementor updated?

Unlimited Elements For Elementor was last updated on Feb 26, 2026. Frequent updates are generally a positive security signal.

What is Unlimited Elements For Elementor's security score?

Unlimited Elements For Elementor has a WP-Safety security score of 76/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Unlimited Elements For Elementor Security & Risk Analysis

wordpress.org/plugins/unlimited-elements-for-elementor

Elementor all-in-one addons pack with the best widgets for Elementor, offering 100+ free widgets, templates, and tools to create stunning websites!

300K active installs v2.0.6 PHP 7.4+ WP 3.5+ Updated Feb 26, 2026

elementorelementor-addonselementor-templateselementor-widgetswidgets-for-elementor

B · Generally Safe

CVEs total29

Unpatched0

Last CVEMar 9, 2026

Plugin page Download

Safety Verdict

Is Unlimited Elements For Elementor Safe to Use in 2026?

Mostly Safe

Score 76/100

Unlimited Elements For Elementor is generally safe to use. 29 past CVEs were resolved. Keep it updated.

29 known CVEsLast CVE: Mar 9, 2026Updated 1mo ago

Risk Assessment

The "unlimited-elements-for-elementor" plugin v2.0.6 presents a significant security risk due to its static analysis findings and extensive vulnerability history. While the plugin demonstrates good practices in SQL query preparation and output escaping, the presence of two unprotected AJAX handlers forms a substantial attack surface. The taint analysis reveals one high-severity flow with unsanitized paths, indicating a potential for sensitive data exposure or code execution. This, coupled with the plugin's history of 29 known CVEs across various critical types like XSS, Code Injection, and SQL Injection, points to a recurring pattern of security weaknesses that attackers could exploit. The plugin's last vulnerability was reported in 2026, suggesting recent but persistent issues. Overall, while some security measures are in place, the combination of an exposed attack surface and a history of severe vulnerabilities makes this plugin a high-risk component.

Key Concerns

Unprotected AJAX handlers
High severity taint flow with unsanitized paths
29 total known CVEs
History of critical and high severity CVEs
Dangerous function 'assert' used
Dangerous function 'unserialize' used
Bundled outdated Freemius library v1.0

Vulnerabilities

Unlimited Elements For Elementor Security Vulnerabilities

CVEs by Year

5 CVEs in 2023

2023

17 CVEs in 2024

2024

5 CVEs in 2025

2025

2 CVEs in 2026

2026

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

29 total CVEs

CVE-2026-2724high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields

Mar 9, 2026 Patched in 2.0.6 (1d)

CVE-2025-14274medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Border Hero Widget

Feb 2, 2026 Patched in 2.0.2 (1d)

CVE-2025-13692high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload

Nov 26, 2025 Patched in 2.0.1 (2d)

CVE-2025-8603medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor <= 1.5.148 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 27, 2025 Patched in 1.5.149 (1d)

CVE-2025-1663medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 2, 2025 Patched in 1.5.143 (1d)

CVE-2024-13155medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.140 - Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget

Feb 19, 2025 Patched in 1.5.141 (1d)

CVE-2024-13153medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Jan 8, 2025 Patched in 1.5.136 (42d)

CVE-2024-10784medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.126 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 11, 2024 Patched in 1.5.127 (1d)

CVE-2024-49271high · 7.2Improper Control of Generation of Code ('Code Injection')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.121 - Authenticated (Editor+) Remote Code Execution

Oct 14, 2024 Patched in 1.5.122 (5d)

CVE-2024-45454medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.121 - Reflected Cross-Site Scripting

Sep 30, 2024 Patched in 1.5.122 (11d)

CVE-2024-6171medium · 5.3Use of Less Trusted Source

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass

Jul 8, 2024 Patched in 1.5.113 (1d)

CVE-2024-6166high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection

Jul 8, 2024 Patched in 1.5.113 (1d)

CVE-2024-6170medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email'

Jul 8, 2024 Patched in 1.5.113 (1d)

CVE-2024-6169medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username'

Jul 8, 2024 Patched in 1.5.113 (1d)

CVE-2024-5329high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter

Jun 5, 2024 Patched in 1.5.110 (1d)

CVE-2024-35674medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Information Exposure

Jun 5, 2024 Patched in 1.5.110 (9d)

CVE-2024-3190medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field

May 29, 2024 Patched in 1.5.108 (1d)

CVE-2023-6743high · 8.8Improper Neutralization of Special Elements Used in a Template Engine

Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import

May 28, 2024 Patched in 1.5.91 (63d)

CVE-2024-4779high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0]

May 22, 2024 Patched in 1.5.108 (1d)

CVE-2024-3055high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection

May 10, 2024 Patched in 1.5.105 (1d)

CVE-2024-2662high · 7.2Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection

May 9, 2024 Patched in 1.5.103 (1d)

CVE-2024-3547medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting

May 9, 2024 Patched in 1.5.103 (1d)

CVE-2024-0367medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor <= 1.5.96 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link

Mar 29, 2024 Patched in 1.5.97 (123d)

CVE-2024-29792medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.93 - Reflected Cross-Site Scripting

Mar 25, 2024 Patched in 1.5.94 (8d)

CVE-2023-31080medium · 6.3Missing Authorization

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.65 - Missing Authorization

Jun 20, 2023 Patched in 1.5.66 (217d)

CVE-2023-3295high · 8.8Unrestricted Upload of File with Dangerous Type

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload

Jun 16, 2023 Patched in 1.5.67 (221d)

CVE-2023-31090critical · 9.9Unrestricted Upload of File with Dangerous Type

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.60 - Arbitrary File Upload in File Manager

May 22, 2023 Patched in 1.5.61 (246d)

CVE-2023-33930critical · 9.9Unrestricted Upload of File with Dangerous Type

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Zip Extraction to Arbitrary File Upload in File Manager

May 22, 2023 Patched in 1.5.67 (246d)

CVE-2022-47170medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.48 - Authenticated (Admin+) Cross Site Scripting (XSS)

Jan 27, 2023 Patched in 1.5.49 (361d)

Code Analysis

Analyzed Mar 16, 2026

Unlimited Elements For Elementor Code Analysis

Dangerous Functions

Raw SQL Queries

57 prepared

Unescaped Output

1580 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$arrOutput = @unserialize($str);inc_php\framework\functions.class.php:1328

assertassert($openingTag == $tagName); // check that tags are properly nested.inc_php\framework\functions.class.php:1710

Bundled Libraries

Select2Freemius1.0

SQL Query Safety

98% prepared58 total queries

Output Escaping

95% escaped1670 total outputs

Data Flows

9 unsanitized

Data Flow Analysis

11 flows9 with unsanitized paths

processAction (views\changelog.php:47)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Unlimited Elements For Elementor Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_unitecreator_elementor_export_templateprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1877

authwp_ajax_unitecreator_elementor_import_templateprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1887

WordPress Hooks 76

filterposts_whereinc_php\unitecreator_ajax_search.class.php:432

filterposts_whereinc_php\unitecreator_filters_process.class.php:1178

filterwp_bost_hide_cache_time_commentinc_php\unitecreator_filters_process.class.php:3640

actionplugins_loadedinc_php\unitecreator_filters_process.class.php:3792

actionwpinc_php\unitecreator_filters_process.class.php:3794

actionue_before_custom_posts_queryinc_php\unitecreator_filters_process.class.php:3796

actionelementor/element/section/section_background_overlay/after_section_endprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:934

actionelementor/element/container/section_background_overlay/after_section_endprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:935

actionelementor/frontend/section/after_renderprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:939

actionelementor/frontend/container/after_renderprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:940

actionwp_print_footer_scriptsprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:941

actionelementor/editor/initprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1820

actionelementor/elements/categories_registeredprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1822

actionelementor/widgets/widgets_registeredprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1825

actionelementor/widgets/registerprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1827

actionelementor/frontend/after_register_scriptsprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1829

actionelementor/editor/after_enqueue_scriptsprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1830

actionelementor/controls/controls_registeredprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1833

actionelementor/controls/registerprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1835

actionelementor/frontend/after_enqueue_scriptsprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1837

actionelementor/initprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1844

filterelementor/frontend/the_contentprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1847

filterpre_handle_404provider\core\unlimited_elements\elementor\elementor_integrate.class.php:1849

actionelementor/frontend/container/before_renderprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1852

actionelementor/frontend/section/before_renderprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1853

actionelementor/frontend/column/before_renderprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1854

actionelementor/frontend/widget/before_renderprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1855

actionelementor/frontend/before_get_builder_contentprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1857

filterwpml_elementor_widgets_to_translateprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1861

filterue_get_current_widget_settingsprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1865

filterpost_row_actionsprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1875

actionadmin_footerprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1884

actionadmin_enqueue_scriptsprovider\core\unlimited_elements\elementor\elementor_integrate.class.php:1885

filterupload_mimesprovider\core\unlimited_elements\helper_provider_core.class.php:1636

filterwp_check_filetype_and_extprovider\core\unlimited_elements\helper_provider_core.class.php:1640

filterposts_whereprovider\functions_wordpress.class.php:2383

filterscript_loader_tagprovider\functions_wordpress.class.php:4448

actionwidgets_initprovider\functions_wordpress.class.php:4719

actionadmin_print_scriptsprovider\functions_wordpress.class.php:4906

actionwp_print_scriptsprovider\functions_wordpress.class.php:4907

actionwp_print_scriptsprovider\functions_wordpress.class.php:4916

actionwp_after_insert_postprovider\functions_wordpress.class.php:4918

filterposts_orderbyprovider\integrations.class.php:228

filterunlimited_elements_get_user_dataprovider\integrations.class.php:468

filterue_modify_post_select_includebyprovider\integrations.class.php:528

filterue_get_custom_includeby_postidsprovider\integrations.class.php:530

filterue_modify_post_dataprovider\integrations.class.php:574

filterue_modify_post_grid_ajax_settingsprovider\integrations.class.php:655

filterue_modify_posts_query_argsprovider\integrations.class.php:658

filtershortpixel/image/filecheckprovider\integrations.class.php:676

filtershortpixel/plugin/initprovider\integrations.class.php:678

filterue_modify_posts_query_argsprovider\integrations.class.php:709

filterue_modify_post_select_includebyprovider\integrations.class.php:777

filterue_get_custom_includeby_postidsprovider\integrations.class.php:779

actionue_before_get_only_sticky_postsprovider\integrations.class.php:787

actionue_after_custom_posts_queryprovider\integrations.class.php:807

actionadmin_print_footer_scriptsprovider\provider_admin.class.php:745

actionwp_print_footer_scriptsprovider\provider_admin.class.php:746

actioninitprovider\provider_admin.class.php:1096

filterwp_php_error_messageprovider\provider_helper.class.php:1395

actionplugins_loadedprovider\provider_helper.class.php:1397

actioninitprovider\provider_helper.class.php:1398

actionplugins_loadedprovider\provider_helper.class.php:1430

actionwp_error_addedprovider\provider_params_processor.class.php:2549

actionpre_get_postsprovider\provider_params_processor.class.php:2563

actionpre_get_postsprovider\provider_params_processor.class.php:3204

filterterms_clausesprovider\provider_params_processor.class.php:5186

filterterms_clausesprovider\provider_params_processor.class.php:5222

filterterms_clausesprovider\provider_params_processor.class.php:5252

filterterms_clausesprovider\provider_params_processor.class.php:5266

actionue_woocommerce_product_integrationsprovider\woocommerce_integrate.class.php:45

actionue_woocommerce_product_integrations_bottomprovider\woocommerce_integrate.class.php:47

filterposts_clausesprovider\woocommerce_integrate.class.php:953

filterposts_clausesprovider\woocommerce_integrate.class.php:968

filterwoocommerce_add_to_cart_fragmentsprovider\woocommerce_integrate.class.php:1810

actionue_after_custom_posts_queryprovider\wpml_integrate.class.php:329

Maintenance & Trust

Unlimited Elements For Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 26, 2026

PHP min version7.4

Downloads14.4M

Community Trust

Rating96/100

Number of ratings515

Active installs300K

Alternatives

Unlimited Elements For Elementor Alternatives

The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce

the-plus-addons-for-elementor-page-builder

Best Addons for Elementor with 120+ Elementor FREE & Pro Widgets & 1000+ Elementor Templates with Mega Menu, Post Grid, Header Footer, WooCommerce

100K 33 CVEs

Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits

master-addons

55+ Elementor widgets, 20+ extensions, Theme Builder, Popup Builder, Widget Builder & Template Kits — build any site without code.

30K 23 CVEs

King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder

king-addons

Elementor addons: Elementor widgets, Elementor templates, 80+ widgets, 4 000+ templates and sections, Mega Menu, Popup Builder, WooCommerce, AI tools.

10K 3 unpatched

Anant Addons for Elementor – Widgets, Templates & WooCommerce Builder

anant-addons-for-elementor

Extend Elementor with 80+ lightweight widgets, WooCommerce builder elements, header & footer builder, blog layouts, sliders, and ready-made Elemen …

900 1 unpatched

Wow Elements Addons for Elementor

wow-elements-addons-for-elementor

100

The most powerful free addons & widgets for Elementor. 175+ advanced features for responsive sites. Drag-and-drop, pixel-perfect, mobile friendly.

10 No CVEs

Developer Profile

Unlimited Elements For Elementor Developer Profile

Unlimited Elements

3 plugins · 310K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

53 days

View full developer profile

Detection Fingerprints

How We Detect Unlimited Elements For Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/unlimited-elements-for-elementor/assets/css/frontend.min.css/wp-content/plugins/unlimited-elements-for-elementor/assets/js/frontend.min.js/wp-content/plugins/unlimited-elements-for-elementor/provider/freemius/css/style.css

Version Parameters

unlimited-elements-for-elementor/assets/css/frontend.min.css?ver=unlimited-elements-for-elementor/assets/js/frontend.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

unlimited-elements-pro

Data Attributes

data-elementor-id

JS Globals

uefe_fs

REST Endpoints

/wp-json/unlimited-elements-for-elementor/

FAQ

Unlimited Elements For Elementor Security & Risk Analysis

Is Unlimited Elements For Elementor Safe to Use in 2026?

Mostly Safe

Key Concerns

Unlimited Elements For Elementor Security Vulnerabilities

CVEs by Year

Severity Breakdown

Unlimited Elements For Elementor Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Unlimited Elements For Elementor Attack Surface

AJAX Handlers 2

Unlimited Elements For Elementor Maintenance & Trust

Maintenance Signals

Community Trust

Unlimited Elements For Elementor Alternatives

The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce

Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits

King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder

Anant Addons for Elementor – Widgets, Templates & WooCommerce Builder

Wow Elements Addons for Elementor

Unlimited Elements For Elementor Developer Profile

How We Detect Unlimited Elements For Elementor

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Unlimited Elements For Elementor