Home

Description

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site.

PUBLISHED Reserved 2026-01-13 | Published 2026-01-22 | Updated 2026-01-22 | Assigner Wordfence




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-269 Improper Privilege Management

Product status

Default status
unaffected

* (semver)
affected

Timeline

2026-01-13:Vendor Notified
2026-01-21:Disclosed

Credits

Athiwat Tiprasaharn finder

Itthidej Aramsri finder

Waris Damkham finder

References

www.wordfence.com/...-6cc2-47ce-b225-81820e49d59c?source=cve

plugins.trac.wordpress.org/...udes/integrations/override.php

plugins.trac.wordpress.org/...t/3439121/lastudio-element-kit

cve.org (CVE-2026-0920)

nvd.nist.gov (CVE-2026-0920)

Download JSON