unitecms — Vulnerabilities & Security Advisories 26

Browse all 26 CVE security advisories affecting unitecms. AI-powered Chinese analysis, POCs, and references for each vulnerability.

UniteCMS is a content management system designed for managing digital assets and web content, primarily serving enterprise environments requiring structured information delivery. Security audits have identified twenty-six Common Vulnerabilities and Exposures (CVEs) associated with the platform, indicating a persistent history of security flaws. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls within the application’s core modules. Notable incidents include multiple successful exploitation attempts that allowed attackers to gain unauthorized administrative access or inject malicious scripts into user-facing pages. The accumulation of these CVEs suggests that while the software offers robust content management features, its historical security posture has been compromised by recurring implementation errors, necessitating rigorous patch management and continuous monitoring to mitigate risks in production deployments.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4659 | Unlimited Elements For Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal — Unlimited Elements For Elementor (CWE-22) | 7.5 | High | 2026-04-17 |
| CVE-2026-2724 | Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields — Unlimited Elements For Elementor (CWE-79) | 7.2 | High | 2026-03-10 |
| CVE-2025-14274 | Unlimited Elements for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Border Hero Widget — Unlimited Elements For Elementor (CWE-79) | 5.4 | Medium | 2026-02-03 |
| CVE-2025-14476 | Doubly <= 1.0.46 - Authenticated (Subscriber+) PHP Object Injection via ZIP File Import — Doubly – Cross Domain Copy Paste for WordPress (CWE-502) | 8.8 | High | 2025-12-13 |
| CVE-2025-13692 | Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload — Unlimited Elements for Elementor (Premium) (CWE-79) | 7.2 | High | 2025-11-27 |
| CVE-2025-8603 | Unlimited Elements For Elementor <= 1.5.148 - Authenticated (Contributor+) Stored Cross-Site Scripting — Unlimited Elements For Elementor (CWE-79) | 6.4 | Medium | 2025-08-28 |
| CVE-2025-1663 | Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting — Unlimited Elements For Elementor (CWE-79) | 6.4 | Medium | 2025-04-03 |
| CVE-2024-13155 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.140 - Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget — Unlimited Elements For Elementor (CWE-79) | 6.4 | Medium | 2025-02-20 |
| CVE-2024-13153 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Unlimited Elements For Elementor (CWE-79) | 6.4 | Medium | 2025-01-09 |
| CVE-2024-10784 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.126 - Authenticated (Contributor+) Stored Cross-Site Scripting — Unlimited Elements For Elementor (CWE-79) | 6.4 | Medium | 2024-12-12 |
| CVE-2024-6315 | Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload — Blox Page Builder (CWE-434) | 8.8 | High | 2024-08-06 |
| CVE-2024-6170 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email' — Unlimited Elements For Elementor (CWE-79) | 6.4 | Medium | 2024-07-09 |
| CVE-2024-6169 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username' — Unlimited Elements For Elementor (CWE-79) | 6.4 | Medium | 2024-07-09 |
| CVE-2024-6166 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection — Unlimited Elements For Elementor (CWE-89) | 8.8 | High | 2024-07-09 |
| CVE-2024-6171 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass — Unlimited Elements For Elementor (CWE-348) | 5.3 | Medium | 2024-07-09 |
| CVE-2024-5329 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter — Unlimited Elements For Elementor (CWE-89) | 8.8 | High | 2024-06-06 |
| CVE-2024-3190 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field — Unlimited Elements For Elementor (CWE-79) | 5.4 | Medium | 2024-05-30 |
| CVE-2023-6743 | Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import — Unlimited Elements For Elementor (CWE-1336) | 8.8 | High | 2024-05-29 |
| CVE-2024-4779 | Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0] — Unlimited Elements For Elementor (CWE-89) | 8.8 | High | 2024-05-23 |
| CVE-2024-3055 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection — Unlimited Elements For Elementor (CWE-89) | 8.8 | High | 2024-05-10 |
| CVE-2024-3547 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting — Unlimited Elements For Elementor (CWE-79) | 6.1 | Medium | 2024-05-10 |
| CVE-2024-2662 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection — Unlimited Elements For Elementor (CWE-78) | 7.2 | High | 2024-05-10 |
| CVE-2024-0367 | Unlimited Elements For Elementor <= 1.5.96 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link — Unlimited Elements For Elementor (CWE-79) | 6.4 | Medium | 2024-03-30 |
| CVE-2024-1710 | Addon Library <= 1.3.76 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload — Addon Library (CWE-862) | 8.8 | High | 2024-02-24 |
| CVE-2023-6925 | Unlimited Addons for WPBakery Page Builder <= 1.0.42 - Authenticated (Editor+) Arbitrary File Upload — Unlimited Addons for WPBakery Page Builder (CWE-434) | 7.2 | High | 2024-02-05 |
| CVE-2023-3295 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload — Unlimited Elements For Elementor (CWE-434) | 8.8 | High | 2023-06-17 |

This page lists every published CVE security advisory associated with unitecms. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.