CVE-2026-0920 in LA-Studio Element Kit for Elementor Plugin
Riassunto
di MITRE • 22/01/2026
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.