CVE-2026-48837

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection.

This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8.

More information : https://patchstack.com/database/wordpress/plugin/unlimited-elements-for-elementor/vulnerability/wordpress-unlimited-elements-for-elementor-free-widgets-addons-templates-plugin-2-0-8-sql-injection-vulnerability?_s_id=cve