High severity8.5NVD Advisory· Published May 25, 2026· Updated May 26, 2026
CVE-2026-48837
CVE-2026-48837
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection.
This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=2.0.8+ 1 more
- (no CPE)range: <=2.0.8
- (no CPE)range: <=2.0.8
Patches
Vulnerability mechanics
References
1News mentions
1- Wordfence Intelligence Weekly WordPress Vulnerability Report (May 25, 2026 to May 31, 2026)Wordfence Blog · Jun 4, 2026