CVE-2026-48837

HIGH

WordPress Unlimited Elements For Elementor plugin <= 2.0.8 - SQL Injection vulnerability

Title source: cna

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8.

References (1)

Core 1

Core References

Vdb Entry vdb-entry

https://patchstack.com/database/wordpress/plugin/unlimited-elements-for-elementor/vulnerability/wordpress-unlimited-elements-for-elementor-free-widgets-addons-templates-plugin-2-0-8-sql-injection-vulnerability?_s_id=cve

Scores

CVSS v3 8.5

EPSS 0.0034

EPSS Percentile 25.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

Unlimited Elements/Unlimited Elements For Elementor < 2.0.8

Published May 25, 2026

Tracked Since May 26, 2026