Description

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative() and urlToPath() functions, combined with the ability to enable debug output in widget settings. The URLtoRelative() function only performs a simple string replacement to remove the site's base URL without sanitizing path traversal sequences (../), and the cleanPath() function only normalizes directory separators without removing traversal components. This allows an attacker to provide a URL like http://site.com/../../../../etc/passwd which, after URLtoRelative() strips the domain, results in /../../../../etc/passwd being concatenated with the base path and ultimately resolved to /etc/passwd. This makes it possible for authenticated attackers with Author-level access and above to read arbitrary local files from the WordPress host, including sensitive files such as wp-config.

INFO

Published Date :

2026-04-17T06:44:49.739Z

Last Modified :

2026-04-17T12:14:39.811Z

Source :

Wordfence
AFFECTED PRODUCTS

The following products are affected by CVE-2026-4659 vulnerability.

Vendors Products
Unitecms
  • Unlimited Elements For Elementor
Wordpress
  • Wordpress
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-4659.

URL Resource
https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/inc_php/unitecreator_helper.class.php#L643 cve-icon cve-icon
https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/inc_php/unitecreator_helper.class.php#L667 cve-icon cve-icon
https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/inc_php/unitecreator_operations.class.php#L710 cve-icon cve-icon
https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/provider/provider_helper.class.php#L597 cve-icon cve-icon
https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/provider/provider_helper.class.php#L607 cve-icon cve-icon
https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_helper.class.php#L643 cve-icon cve-icon
https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_helper.class.php#L667 cve-icon cve-icon
https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_operations.class.php#L710 cve-icon cve-icon
https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/provider_helper.class.php#L597 cve-icon cve-icon
https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/provider_helper.class.php#L607 cve-icon cve-icon
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3504458%40unlimited-elements-for-elementor&new=3504458%40unlimited-elements-for-elementor&sfp_email=&sfph_mail= cve-icon cve-icon
https://www.wordfence.com/threat-intel/vulnerabilities/id/9e7e3763-4606-4fc4-aa0f-b67e6087bdc2?source=cve cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact