CVE-2026-0920 in LA-Studio Element Kit for Elementor Plugininformazioni

Riassunto

di MITRE • 22/01/2026

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Divulgazione

22/01/2026

Moderazione

accettato

CPE

pronto

EPSS

0.01078

KEV

no

Attività

molto basso

Fonti

Might our Artificial Intelligence support you?

Check our Alexa App!