CVE-2026-48837: WordPress Unlimited Elements For Elementor plugin <= 2.0.8 - SQL Injection vulnerability
Published May 25, 2026
·Updated
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8.
Affected Software
1 affected component
Unlimited Elements Unlimited Elements For Elementor<=2.0.8
Remediation
Information
Update the WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin to the latest available version (at least 2.0.9).
Event History
May 25, 2026
CVE Published
via MITRE·10:05 PM
Data Sourced
via MITRE·10:05 PM
RemedyDescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2026-48837?
CVE-2026-48837 has a severity rating of high with a score of 8.5.
2
How do I fix CVE-2026-48837?
To fix CVE-2026-48837, update the Unlimited Elements For Elementor plugin to version 2.0.9 or later.
3
What type of vulnerability is CVE-2026-48837?
CVE-2026-48837 is classified as an SQL Injection vulnerability.
4
Which version of the plugin is affected by CVE-2026-48837?
CVE-2026-48837 affects Unlimited Elements For Elementor plugin versions from n/a through 2.0.8.
5
What is the impact of CVE-2026-48837?
The impact of CVE-2026-48837 includes the possibility of Blind SQL Injection, which can lead to unauthorized data access.