CVE-2023-33930 – WordPress Unlimited Elements For Elementor plugin <= 1.5.66 - Unrestricted Zip Extraction vulnerability

https://notcve.org/view.php?id=CVE-2023-33930

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.66. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Unlimited Elements Unlimited Elements For Elementor (widgets, complementos y plantillas gratuitos) permite la inyección de código. Este problema afecta a Unlimited Elements For Elementor (widgets, complementos y plantillas gratuitos): desde n/a hasta 1.5. 66. The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files within zip files in the File Manager functionality in versions up to, and including, 1.5.66 . This makes it possible for authenticated attackers, with contributor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-66-unrestricted-zip-extraction-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •