This vulnerability involves improper neutralization of special elements in SQL commands within the Shahjada Download Manager Addons for Elementor plugin, enabling Blind SQL Injection attacks. It affects all versions up to and including 1.3.0. The CVSS score of 9.3 indicates a critical severity with network attack vector, low attack complexity, no privileges or user interaction required, and a scope change. The impact includes high confidentiality loss and low availability impact, but no integrity impact. There is no vendor advisory or patch information provided at this time.

An attacker can exploit this vulnerability remotely without authentication to perform Blind SQL Injection, potentially extracting sensitive database information (confidentiality impact) and causing partial denial of service (availability impact). Integrity is not impacted according to the CVSS vector. No known exploits in the wild have been reported yet.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider disabling or removing the affected plugin version or applying any recommended temporary mitigations from the vendor. Monitor official Shahjada or Elementor security channels for updates.