PT-2026-24200 · Elementor+1 · Elementor+1
Athiwat Tiprasaharn
+2
·
Published
2026-03-10
·
Updated
2026-03-10
·
CVE-2026-2724
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Unlimited Elements for Elementor plugin for WordPress versions prior to 2.0.6
Description
The Unlimited Elements for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the form entry fields. This is caused by inadequate input sanitization and output escaping of form submission data when displayed in the admin Form Entries Trash view. This allows unauthenticated attackers to inject arbitrary web scripts that will execute when an administrator views the trashed form entries.
Recommendations
Update the Unlimited Elements for Elementor plugin to version 2.0.6 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Elementor
Unlimited Elements For Elementor