CVE-2021-4447

Name of the Vulnerable Software and Affected Versions The Essential Addons for Elementor plugin for WordPress versions up to and including 4.6.4

Description The issue is related to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user.

Recommendations For versions up to and including 4.6.4, update the plugin to the latest version to protect the site. As a temporary workaround, consider restricting access to the Elementor page builder to minimize the risk of exploitation. Avoid using the registration form feature in the affected plugin until the issue is resolved.