PT-2024-21431 · WordPress · Unlimited Elements For Elementor

Wesley · Published 2024-05-10 · Updated 2025-01-30 · CVE-2024-2662

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The Unlimited Elements For Elementor plugin for WordPress versions up to, and including, 1.5.102

Description

The issue is due to insufficient filtering of template attributes during the creation of HTML for custom widgets. This makes it possible for authenticated attackers, with administrator-level access and above, to execute arbitrary commands on the server.

Recommendations

For versions up to, and including, 1.5.102, update to a version that fixes the command injection issue. As a temporary workaround, consider restricting access to custom widget creation to minimize the risk of exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2024-2662

Affected Products

Unlimited Elements For Elementor