CVE-2023-31090
📋 TL;DR
This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites running the Unlimited Elements for Elementor plugin. Attackers can achieve remote code execution and full server compromise. All WordPress sites using affected plugin versions are vulnerable.
💻 Affected Systems
- Unlimited Elements for Elementor (Free Widgets, Addons, Templates)
📦 What is this software?
Unlimited Elements For Elementor by Unlimited Elements
⚠️ Risk & Real-World Impact
Worst Case
Complete server takeover with persistent backdoor installation, data exfiltration, and lateral movement to other systems.
Likely Case
Web shell upload leading to website defacement, data theft, and cryptocurrency mining malware installation.
If Mitigated
Limited impact with proper file upload restrictions and web application firewalls blocking malicious payloads.
🎯 Exploit Status
Exploitation requires authenticated user access but is trivial once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.61 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Unlimited Elements for Elementor'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.5.61+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable plugin
Temporarily disable the vulnerable plugin until patched
wp plugin deactivate unlimited-elements-for-elementor
Restrict file uploads
Configure the web server to block PHP execution in upload directories (nginx example; the rule is scoped to the uploads path so WordPress's own PHP files keep working)
location ~* ^/wp-content/uploads/.*\.php$ { deny all; }
🧯 If You Can't Patch
- Implement strict file upload validation at web application firewall level
- Monitor upload directories for suspicious files and implement file integrity monitoring
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Unlimited Elements for Elementor → Version. If version is 1.5.60 or lower, you are vulnerable.
Check Version:
wp plugin get unlimited-elements-for-elementor --field=version
Verify Fix Applied:
Verify plugin version is 1.5.61 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to wp-content/uploads/unlimited-elements/
- POST requests to /wp-admin/admin-ajax.php with file upload parameters
- Execution of PHP files from upload directories
Network Indicators:
- HTTP requests with zip file uploads to plugin endpoints
- Outbound connections from web server to unknown IPs after file upload
SIEM Query:
source="web_server" AND (uri_path="*admin-ajax.php*" AND method="POST" AND (form_data="*action=ue_upload_zip*" OR form_data="*unlimited_elements*"))
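Detection logic equivalent to the log indicators and SIEM query above, run over constructed sample events; this is an added example, not part of the original advisory, and the event field names (src, method, uri_path, form_data) are assumed to match how a SIEM parses web-server logs.

```python
import re
from typing import Optional

# Constructed sample events in the shape a SIEM might hold after parsing a
# web-server log; these are not real traffic. Addresses are documentation ranges.
SAMPLE_EVENTS = [
    {"src": "203.0.113.5", "method": "POST", "uri_path": "/wp-admin/admin-ajax.php",
     "form_data": "action=ue_upload_zip&nonce=abcd"},
    {"src": "203.0.113.5", "method": "GET",
     "uri_path": "/wp-content/uploads/unlimited-elements/upload.php", "form_data": ""},
    {"src": "198.51.100.7", "method": "POST", "uri_path": "/wp-admin/admin-ajax.php",
     "form_data": "action=heartbeat"},
    {"src": "198.51.100.9", "method": "GET",
     "uri_path": "/wp-content/uploads/2023/05/photo.jpg", "form_data": ""},
]

# Indicators taken from the Log Indicators and SIEM Query sections of this advisory.
UPLOAD_ACTIONS = re.compile(r"action=ue_upload_zip|unlimited_elements", re.I)
UPLOAD_DIR_PHP = re.compile(r"^/wp-content/uploads/.*\.php(\?|$)", re.I)


def flag_event(event: dict) -> Optional[str]:
    """Return a short reason if the event matches an indicator, else None."""
    path = event.get("uri_path", "")
    if (event.get("method") == "POST" and path.endswith("admin-ajax.php")
            and UPLOAD_ACTIONS.search(event.get("form_data", ""))):
        return "plugin zip upload via admin-ajax.php"
    if UPLOAD_DIR_PHP.match(path):
        return "PHP file requested from upload directory"
    return None


def scan(events: list) -> list:
    """Return (src, uri_path, reason) for every flagged event, in log order."""
    hits = []
    for ev in events:
        reason = flag_event(ev)
        if reason:
            hits.append((ev["src"], ev["uri_path"], reason))
    return hits


def correlate(events: list) -> set:
    """Sources that both sent an upload request and then fetched PHP from uploads."""
    uploaded, executed = set(), set()
    for src, _path, reason in scan(events):
        (uploaded if reason.startswith("plugin zip") else executed).add(src)
    return uploaded & executed


if __name__ == "__main__":
    for src, path, reason in scan(SAMPLE_EVENTS):
        print(f"{src} {path} -> {reason}")
    print("sources with upload followed by PHP execution:", correlate(SAMPLE_EVENTS))
```

A source that appears in `correlate()` has shown both halves of the chain and should be treated as a probable compromise rather than a single suspicious request.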
🔗 References
- https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-60-unrestricted-zip-extraction-vulnerability?_s_id=cve