What is GHSA-679r-jm2j-3cr6?

GHSA-679r-jm2j-3cr6 is a security advisory published by GitHub Security Advisories with High severity. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...

Which CVE IDs does GHSA-679r-jm2j-3cr6 cover?

GHSA-679r-jm2j-3cr6 covers the following CVE IDs: CVE-2026-48837. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-679r-jm2j-3cr6?

GHSA-679r-jm2j-3cr6 has a CVSS v3 base score of 8.5, published by GitHub Security Advisories.

GHSA-679r-jm2j-3cr6HighCVSS 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2026-48837 →

📋 Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection.

This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-48837
https://patchstack.com/database/wordpress/plugin/unlimited-elements-for-elementor/vulnerability/wordpress-unlimited-elements-for-elementor-free-widgets-addons-templates-plugin-2-0-8-sql-injection-vulnerability?_s_id=cve
https://github.com/advisories/GHSA-679r-jm2j-3cr6