CVE-2026-27041
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2026-27041
EUVD
EUVD-2026-37668
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
unlimited_elements unlimited_elements_for_elementor_premium to 2.0.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-27041 is an Arbitrary File Upload vulnerability in the WordPress Unlimited Elements for Elementor (Premium) plugin, affecting versions 2.0.6 and below.

This vulnerability allows attackers to upload malicious files, such as backdoors, to compromised websites.

Exploiting this flaw can lead to unauthorized access to the affected websites.

Impact Analysis

The vulnerability has a high severity score of 9.9, indicating a significant risk.

If exploited, attackers could gain unauthorized access to your website by uploading malicious files.

This could lead to website compromise, data breaches, defacement, or use of your site for malicious activities.

The vulnerability is actively targeted in mass-exploit campaigns, putting thousands of websites at risk regardless of their size or popularity.

Immediate action such as updating the plugin or applying mitigation rules is advised to protect your site.

Mitigation Strategies

Immediate mitigation steps include updating the Unlimited Elements for Elementor (Premium) plugin to a version above 2.0.6 once an official patch is released.

Until an official fix is available, applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability is advised.

Additionally, seeking assistance from your hosting provider or a web developer to implement protective measures is recommended.

Compliance Impact

The vulnerability allows attackers to upload arbitrary malicious files, including backdoors, which can lead to unauthorized access to websites. Such unauthorized access and potential data breaches could result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data.

Because the vulnerability poses a high risk of confidentiality, integrity, and availability impacts (CVSS score 9.9), affected organizations may face compliance violations if the vulnerability is exploited and sensitive data is compromised.

Immediate mitigation or patching is advised to reduce the risk of non-compliance due to potential data breaches or unauthorized access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27041. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart