This vulnerability in bdthemes Element Pack Elementor Addons (up to version 8.4.2) involves improper neutralization of special elements in SQL commands, enabling blind SQL injection. The CVSS score of 7.6 indicates a high severity with network attack vector, low attack complexity, requiring high privileges, no user interaction, and a scope change. The impact affects confidentiality (high) and availability (low), with no integrity impact. No official patch or remediation level has been provided by the vendor as of the published date.

An attacker with high privileges can exploit this blind SQL injection vulnerability to extract sensitive information from the database, compromising confidentiality. The vulnerability does not affect integrity but may cause limited availability issues. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict high privilege access to the affected plugin and monitor for unusual database activity. Avoid exposing the vulnerable plugin to untrusted users. Follow vendor updates closely for patches or official mitigations.