CVE-2026-4659 | unitecms Unlimited Elements for Elementor Plugin up to 2.0.6 on WordPress Setting URLtoRelative/URLToPath URL path traversal

Inserito da Angelo Barbosa | Apr 17, 2026 | CVE

A vulnerability categorized as critical has been discovered in unitecms Unlimited Elements for Elementor Plugin up to 2.0.6 on WordPress. This affects the function URLtoRelative/URLToPath of the component Setting Handler. Executing a manipulation of the argument URL can lead to path traversal.

This vulnerability is registered as CVE-2026-4659. It is possible to launch the attack remotely. No exploit is available.

CVE-2026-4659 | unitecms Unlimited Elements for Elementor Plugin up to 2.0.6 on WordPress Setting URLtoRelative/URLToPath URL path traversal

Post correlati

CVE-2024-54257 | Molefed tydskrif Plugin up to 1.1.3 on WordPress cross site scripting

CVE-2024-36104 | Apache OFBiz up to 18.12.13 path traversal

CVE-2025-9249 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DHCPReserveAddGroup enable_group/name_group/ip_group/mac_group stack-based overflow

CVE-2025-27515 | Laravel Framework up to 11.44.0/12.1.0 wildcards or matching symbols (GHSA-78fx-h6xr-vch4)