CVE-2026-4659 | unitecms Unlimited Elements for Elementor Plugin up to 2.0.6 on WordPress Setting URLtoRelative/URLToPath URL path traversal

A vulnerability categorized as critical has been discovered in unitecms Unlimited Elements for Elementor Plugin up to 2.0.6 on WordPress. This affects the function URLtoRelative/URLToPath of the component Setting Handler. Executing a manipulation of the argument URL can lead to path traversal.

This vulnerability is registered as CVE-2026-4659. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More