Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/05/14 2:26 a.m.43 views

CVE-2026-5486 Unlimited Elements For Elementor <= 2.0.7 - Authenticated (Contributor+) SQL Injection via 'filter_search' Parameter

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'datafiltersearch' parameter in the getcataddons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated escaping functions combined...

6.5CVSS0.00492EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/14 2:26 a.m.6 views

CVE-2026-5486

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'datafiltersearch' parameter in the getcataddons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated escaping functions combined...

6.5CVSS6AI score0.00492EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/05/14 2:26 a.m.7 views

CVE-2026-5486 Unlimited Elements For Elementor <= 2.0.7 - Authenticated (Contributor+) SQL Injection via 'filter_search' Parameter

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'datafiltersearch' parameter in the getcataddons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated escaping functions combined...

6.5CVSS6AI score0.00492EPSS
Exploits0References10
CVE
CVE
added 2026/05/14 2:26 a.m.15 views

CVE-2026-5486

CVE-2026-5486 affects the WordPress plugin Unlimited Elements for Elementor, versions up to and including 2.0.7. The vulnerability lies in get_cat_addons via the data[filter_search] parameter, where insufficient input sanitization, use of deprecated escaping, and direct string concatenation into ...

6.5CVSS6AI score0.00492EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/14 2:26 a.m.24 views

EUVD-2026-30214

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'datafiltersearch' parameter in the getcataddons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated escaping functions combined...

6.5CVSS6AI score0.00492EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-40848

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'datafilter search' parameter in the get cat addons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated escaping functions...

6.5CVSS6AI score0.00492EPSS
Exploits0References11
Rows per page
Query Builder