LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-45214

CVE-2026-45214 - Vulnerability Analysis

HighCVSS: 8.5

Last Updated: May 12, 2026

Xpro Xpro Elementor Addons - SQL Injection

Published: May 12, 2026Updated: May 12, 2026Remote Exploitable

Overview

Xpro Xpro Elementor Addons <= 1.5.1 contains an SQL injection caused by improper neutralization of special elements in SQL commands, letting attackers perform blind SQL injection remotely, exploit requires crafted input.

Severity & Score

Severity: High
CVSS Score: 8.5
EPSS Score: 3.0%(Probability of exploitation in next 30 days)

Impact

Attackers can perform blind SQL injection to extract or manipulate database information remotely.

Mitigation

Update to the latest version beyond 1.5.1.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
May 12, 2026

šŸŸ  CVE-2026-45214 - High (8.5) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through <= 1.5.1. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-45214/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
May 12, 2026

šŸŸ  CVE-2026-45214 - High (8.5) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through <= 1.5.1. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-45214/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
May 12, 2026

šŸŸ  CVE-2026-45214 - High (8.5) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through <= 1.5.1. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-45214/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
May 12, 2026

šŸŸ  CVE-2026-45214 - High (8.5) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through <= 1.5.1. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-45214/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-45214
Severity
High
CVSS Score
8.5
Type
sql_injection
Status
rejected
EPSS
3.0%
Social Posts
4

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

EPSS Score

3.0%Probability of exploitation in the next 30 days