cleantalk
Vulnerabilities and Security Researches

Unlimited Elements For Elementor (Free Widgets, Addons, Templates), CVE-2026-48837

CVE, Research URL

CVE-2026-48837

Home page URL

Security reports for Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Application

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Published on
May 25, 2026
Research Description
Unlimited Elements For Elementor [unlimited-elements-for-elementor] < 2.0.9 CVE-2026-48837 [en] Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8.
Affected versions
max 2.0.9.
Status
vulnerable
Previous vulnerability researches
Wireless Butler (CVE-2025-26997) , Apr 15, 2025
New vulnerability
WP Activity Log (CVE-2026-45435) , May 26, 2026
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2026-48837) , May 26, 2026
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode , May 26, 2026
Instant Images &#8211; One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels , May 26, 2026
Enable Media Replace , May 26, 2026