PT-2025-48269 · WordPress · Unlimited Elements For Elementor

0Xvenus +2 · Published 2025-11-27 · Updated 2025-11-27 · CVE-2025-13692

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Unlimited Elements For Elementor plugin for WordPress versions prior to 2.1

Description

The Unlimited Elements For Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages when a user accesses the SVG file. Exploitation requires a form with a file upload field created using the premium version of the plugin, but the issue remains exploitable even after deactivation or uninstallation of the premium version.

Recommendations

Update to version 2.1 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-13692

Affected Products

Unlimited Elements For Elementor