Description

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'meta_query[compare]' parameter in the 'tcg_select2_search_post' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query without validation against an allowlist of comparison operators. The value is passed through esc_sql(), but since the payload operates as an operator (not inside quotes), esc_sql() has no effect on payloads that don't contain quote characters. This makes it possible for authenticated attackers, with Author-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

INFO

Published Date :

2026-03-21T03:27:04.700Z

Last Modified :

2026-04-08T17:24:42.209Z

Source :

Wordfence
AFFECTED PRODUCTS

The following products are affected by CVE-2026-2503 vulnerability.

Vendors Products
Wordpress
  • Wordpress
Wpdive
  • Elementcamp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2503.

URL Resource
https://plugins.trac.wordpress.org/browser/element-camp/tags/2.3.6/elementor/extender/tcg-select2.php#L65 cve-icon cve-icon
https://plugins.trac.wordpress.org/browser/element-camp/tags/2.3.6/elementor/extender/tcg-select2.php#L83 cve-icon cve-icon
https://plugins.trac.wordpress.org/browser/element-camp/trunk/elementor/extender/tcg-select2.php#L65 cve-icon cve-icon
https://plugins.trac.wordpress.org/browser/element-camp/trunk/elementor/extender/tcg-select2.php#L83 cve-icon cve-icon
https://www.wordfence.com/threat-intel/vulnerabilities/id/cfb09dcd-f8ec-4b0a-ae77-4b4b7b54c93b?source=cve cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact