cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for unlimited-elementor-inner-sections-by-boomdevs

Jun 10, 2026

Unlimited Elementor Inner Sections By BoomDevs # CVE-2026-8677

CVE, Research URL

CVE-2026-8677

Date
Jun 09, 2026
Research Description
The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploit succeeds even for users without the unfiltered_html capability because the payload (e.g., 'img src=x onerror=alert(document.domain)') contains no HTML angle brackets and therefore passes through Elementor's wp_kses_post() filter unchanged at save time.
Affected versions
max 1.3.4.
Status
vulnerable
Jun 07, 2024

Unlimited Elementor Inner Sections By BoomDevs # CVE-2024-32110

CVE, Research URL

CVE-2024-32110

Date
-
Research Description
Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages [unlimited-elementor-inner-sections-by-boomdevs] < 1.0.5 CVE-2024-32110
Affected versions
max 1.0.5.
Status
vulnerable

Unlimited Elementor Inner Sections By BoomDevs # 7a81206b20b1cb990ff53efa2f17a2b413240f00

Date
Sep 04, 2023
Research Description
Unlimited Elementor Inner Sections By BoomDevs [unlimited-elementor-inner-sections-by-boomdevs] < 1.0.0. WordPress Unlimited Elementor Inner Sections By BoomDevs Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF). No patched version is available. No reply from the vendor. Lana Codes discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Unlimited Elementor Inner Sections By BoomDevs Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability is not known to have been fixed yet.
Affected versions
max 1.0.0.
Status
vulnerable