HIGHCVE-2026-48837Published 2026-05-25Modified 2026-05-26CNA Patchstack

CVE-2026-48837: WordPress Unlimited Elements For Elementor plugin <= 2.0.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8.

CVSS v3.1: 8.5
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Unlimited Elements / Unlimited Elements For Elementor
≤ 2.0.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

References

patchstack.com

Metrics