PT-2026-40885 · WordPress · Essential Addons For Elementor

·

CVE-2026-5193

·

Published

2026-05-14

·

Updated

2026-05-14

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Essential Addons for Elementor versions prior to 6.5.14
Description Insufficient role validation in the register user() function allows authenticated attackers with author level access or higher to create new user accounts with elevated privileges, such as editor. The issue occurs because the function only blocks the 'administrator' role from being assigned.
Recommendations Update to a version later than 6.5.13. As a temporary workaround, restrict access to the register user() function to minimize the risk of privilege escalation.

Fix

LPE

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-5193

Affected Products

Essential Addons For Elementor