CVE-2023-3295
📋 TL;DR
This vulnerability in the Unlimited Elements For Elementor WordPress plugin allows authenticated attackers with contributor-level permissions or higher to upload arbitrary files due to missing file type validation. This can lead to remote code execution on affected WordPress sites. The issue affects versions up to and including 1.5.66.
💻 Affected Systems
- Unlimited Elements For Elementor (Free Widgets, Addons, Templates) WordPress plugin
📦 What is this software?
Unlimited Elements For Elementor by Unlimited Elements
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through remote code execution, allowing attackers to install backdoors, steal data, deface websites, or use the server for further attacks.
Likely Case
Attackers upload web shells to gain persistent access, execute arbitrary commands, and potentially escalate privileges to compromise the entire WordPress installation.
If Mitigated
With proper file upload restrictions and security controls, impact is limited to potential file storage abuse without code execution.
🎯 Exploit Status
Exploitation requires contributor-level WordPress credentials. The vulnerability is in file manager functionality with missing file type validation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.67
Vendor Advisory: https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_assets.class.php#L1005
Restart Required: No
Instructions:
1. Log into WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Unlimited Elements For Elementor'.
4. Click 'Update Now' if available.
5. If not available, download version 1.5.67+ from WordPress.org and manually update.
🔧 Temporary Workarounds
Disable plugin
(All platforms) Temporarily disable the Unlimited Elements For Elementor plugin until patched:
wp plugin deactivate unlimited-elements-for-elementor
Restrict file uploads
(Linux) Implement server-side file upload restrictions via .htaccess or web server configuration. Place the rule below in the .htaccess of the uploads directory (e.g. wp-content/uploads/), not the site root, or it will block WordPress's own PHP files. The Order/Deny directives are Apache 2.2 syntax; on Apache 2.4 they need mod_access_compat, otherwise use `Require all denied` in the same FilesMatch block. The rule also only takes effect where AllowOverride permits .htaccess.
# Add to the uploads directory's .htaccess:
<FilesMatch "\.(php|php3|php4|php5|phtml|pl|py|jsp|asp|sh|cgi)$">
Order Allow,Deny
Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Remove contributor and higher permissions from untrusted users
- Implement web application firewall rules to block suspicious file uploads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Unlimited Elements For Elementor → Version. If version is 1.5.66 or lower, you are vulnerable.
Check Version:
wp plugin get unlimited-elements-for-elementor --field=version
Verify Fix Applied:
Verify plugin version is 1.5.67 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to wp-content/uploads/unlimited_elements/
- POST requests to /wp-admin/admin-ajax.php with action=ue_upload_file
- Files with .php, .phtml, or other executable extensions in upload directories
Network Indicators:
- HTTP POST requests with file uploads to WordPress admin endpoints from contributor-level users
SIEM Query:
source="wordpress.log" AND ("ue_upload_file" OR ("unlimited_elements" AND "upload"))
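The version check and the log indicators above can be turned into a small triage script. The following is an added example, not part of this advisory or the plugin's code: it parses constructed Apache combined-format access-log lines, flags the two indicators listed above (admin-ajax.php calls with action=ue_upload_file, and requests for files with executable extensions under wp-content/uploads/unlimited_elements/), reuses the extension list from the .htaccess workaround to scan a list of upload filenames, and compares a plugin version against the 1.5.67 fix. The sample log lines, filenames and IP addresses are constructed. One caveat: the `action` parameter of admin-ajax.php requests is normally sent in the POST body, which web-server access logs do not record, so the ue_upload_file indicator only shows up in access logs when the action is in the query string; for body parameters you need WAF or application-level logging.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Extension list mirrors the FilesMatch rule in the .htaccess workaround.
EXEC_EXT_RE = re.compile(r"\.(php|php3|php4|php5|phtml|pl|py|jsp|asp|sh|cgi)$", re.IGNORECASE)
# Upload directory named in the advisory's log indicators.
UPLOAD_DIR = "/wp-content/uploads/unlimited_elements/"
# First version that carries the fix, per the advisory.
FIXED_VERSION = (1, 5, 67)

# Apache combined log format up to the status code (constructed sample format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample access-log lines (IPs from documentation ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2023:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=ue_upload_file HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jun/2023:12:00:09 +0000] "GET /wp-content/uploads/unlimited_elements/avatar.php HTTP/1.1" 200 93',
    '198.51.100.7 - - [10/Jun/2023:12:01:00 +0000] "GET /wp-content/uploads/2023/06/photo.jpg HTTP/1.1" 200 40211',
    '198.51.100.7 - - [10/Jun/2023:12:01:05 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 60',
]


def parse_line(line):
    """Split one access-log line into fields; returns None for unparseable lines."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # Keep the first value of each query parameter.
    rec["query"] = {k: v[0] for k, v in parse_qs(url.query).items()}
    return rec


def classify(line):
    """Return the list of advisory indicators that match a single log line."""
    rec = parse_line(line)
    if rec is None:
        return []
    findings = []
    if (rec["method"] == "POST"
            and rec["path"].endswith("/wp-admin/admin-ajax.php")
            and rec["query"].get("action") == "ue_upload_file"):
        findings.append("ue_upload_file call")
    if rec["path"].startswith(UPLOAD_DIR) and EXEC_EXT_RE.search(rec["path"]):
        findings.append("executable in upload dir")
    return findings


def scan_log(lines):
    """Return (line_index, findings) for every line that matches an indicator."""
    hits = []
    for i, line in enumerate(lines):
        findings = classify(line)
        if findings:
            hits.append((i, findings))
    return hits


def suspicious_uploads(filenames):
    """Filter a directory listing of the uploads folder down to executable extensions."""
    return [name for name in filenames if EXEC_EXT_RE.search(name)]


def is_vulnerable(version):
    """True when the plugin version is at or below 1.5.66 (i.e. before the 1.5.67 fix)."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    return parts < FIXED_VERSION


if __name__ == "__main__":
    for idx, findings in scan_log(SAMPLE_LOG):
        print(f"line {idx}: {', '.join(findings)}")
    # Constructed directory listing, as a stand-in for os.listdir() on the real uploads path.
    print("suspicious files:", suspicious_uploads(["logo.png", "avatar.php", "notes.txt", "x.phtml"]))
    for v in ("1.5.66", "1.5.67"):
        print(v, "vulnerable" if is_vulnerable(v) else "fixed")
```

On a live system, replace the constructed list in `suspicious_uploads` with `os.listdir()` (or an `os.walk()`) over the real uploads directory, and feed `scan_log` the site's access log; any executable file under the uploads tree warrants investigation regardless of whether a matching upload request was logged.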
🔗 References
- https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_assets.class.php#L1005
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ce1ac711-6026-49ef-b66b-2cc199697942?source=cve