A vulnerability has been found in unitecms Unlimited Elements for Elementor Plugin up to 2.0.7 on WordPress and classified as critical . This impacts the function normalizeAjaxInputData . The manipulation of the argument filter_search leads to sql injection. This vulnerability is traded as CVE-2026-5486 . It is possible to initiate the attack remotely. There is no exploit available.