What is the CVSS score of CVE-2026-45214?

CVE-2026-45214 has a CVSS 3.1 base score of 8.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of Xpro Elementor Addons are affected by CVE-2026-45214?

Xpro Elementor Addons plugin versions up to 1.5.1 contain a blind SQL injection vulnerability that allows authenticated attackers with low-privilege access to extract sensitive database contents,…

Xpro Elementor Addons CVE-2026-45214

Q: How to fix or mitigate CVE-2026-45214?

Within 24 hours: Disable or remove Xpro Elementor Addons plugin on all WordPress instances running version 1.5.1 or earlier; document all affected sites and user accounts with plugin access. Within 7 days: Audit database access logs and user credential repositories for unauthorized queries or access patterns; rotate all WordPress database user passwords and site API keys. Within 30 days: Monitor vendor advisory channels for patch release to version 1.5.2 or later; conduct full database integrity audit and implement Web Application Firewall rules to detect SQL injection patterns specific to Elementor plugins.

EUVD-2026-29456 HIGH

SQL Injection (CWE-89)

2026-05-12 Patchstack

GHSA-h67w-h28r-2hgc

SQLi

8.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

May 12, 2026 - 11:32 vuln.today

CVE Published

May 12, 2026 - 11:02 nvd

HIGH 8.5

DescriptionNVD

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through <= 1.5.1.

AnalysisAI

Blind SQL injection in Xpro Elementor Addons allows authenticated attackers to extract sensitive database contents including user credentials and site configurations. The vulnerability affects WordPress sites running plugin versions up to 1.5.1 and requires only low-privileged authenticated access (CVSS PR:L) with no user interaction. …

RemediationAI

Within 24 hours: Disable or remove Xpro Elementor Addons plugin on all WordPress instances running version 1.5.1 or earlier; document all affected sites and user accounts with plugin access. Within 7 days: Audit database access logs and user credential repositories for unauthorized queries or access patterns; rotate all WordPress database user passwords and site API keys. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-45214 vulnerability details – vuln.today

Back