What is CVE-2026-4659 — Path Traversal in Unlimited Elements for Elementor?

CVE-2026-4659 is a vulnerability allowing attackers to read arbitrary files on a WordPress server using the Unlimited Elements for Elementor plugin. It's rated HIGH severity due to the potential for sensitive data exposure.

Am I affected by CVE-2026-4659 in Unlimited Elements for Elementor?

You are affected if you are using Unlimited Elements for Elementor version 2.0.6 or earlier. Check your plugin version and upgrade immediately if necessary.

How do I fix CVE-2026-4659 in Unlimited Elements for Elementor?

Upgrade the Unlimited Elements for Elementor plugin to version 2.0.7 or later. As a temporary workaround, disable the Repeater feature if upgrading is not immediately possible.

Is CVE-2026-4659 being actively exploited?

There is no confirmed active exploitation of CVE-2026-4659 as of the last update, but the vulnerability is publicly known and could be targeted.

Where can I find the official Unlimited Elements for Elementor advisory for CVE-2026-4659?

Refer to the official Unlimited Elements for Elementor plugin website or the WordPress plugin repository for the latest advisory and update information.

CVE-2026-4659 — Vulnerability Details

NEXTGUARD

Gratis scannen

CVE-2026-4659 — Vulnerability Details | NextGuard

Detectiestappenwordt vertaald…

• wordpress / composer / npm:

grep -r '../' /var/www/html/wp-content/plugins/unlimited-elements-for-elementor/*

• generic web:

curl -I 'https://your-wordpress-site.com/wp-content/plugins/unlimited-elements-for-elementor/repeater.php?url=../../../../etc/passwd' # Check for file disclosure

Onbeperkte Elementen voor Elementor <= 2.0.6 - Authentiek (Contributor+) Willekeurig Bestand Lezen via Path Traversal in Repeater JSON/CSV URL met Path Traversal

Impact en Aanvalsscenarios

Uitbuitingscontext

Wie Loopt Risicowordt vertaald…

Detectiestappenwordt vertaald…

Aanvalstijdlijn

Dreigingsinformatie

Getroffen Software

Zwakheidsclassificatie (CWE)

Tijdlijn

Mitigatie en Workarounds

Hoe te verhelpen

CVE Beveiligingsnieuwsbrief

Veelgestelde vragenwordt vertaald…

What is CVE-2026-4659 — Path Traversal in Unlimited Elements for Elementor?

Am I affected by CVE-2026-4659 in Unlimited Elements for Elementor?

How do I fix CVE-2026-4659 in Unlimited Elements for Elementor?

Is CVE-2026-4659 being actively exploited?

Where can I find the official Unlimited Elements for Elementor advisory for CVE-2026-4659?

Pakketinformatie

Is jouw project getroffen?

Detecteer deze CVE in je project