HIGH
Unlimited Elements
CVE published 2026-05-25
CVE-2026-48837
A blind SQL injection vulnerability exists in the WordPress plugin Unlimited Elements For Elementor, affecting versions up to and including 2.0.8. The vulnerability stems from improper neutralization of special elements in SQL commands (CWE-89), allowing authenticated attackers with low privileges to manipulate database queries. The CVSS 3.1 score of 8.5 (High severity) reflects network attack vector, low [truncated]