PT-2026-40885 · WordPress · Essential Addons For Elementor
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Essential Addons for Elementor versions prior to 6.5.14
Description
Insufficient role validation in the
register user() function allows authenticated attackers with author level access or higher to create new user accounts with elevated privileges, such as editor. The issue occurs because the function only blocks the 'administrator' role from being assigned.Recommendations
Update to a version later than 6.5.13.
As a temporary workaround, restrict access to the
register user() function to minimize the risk of privilege escalation.Fix
LPE
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Essential Addons For Elementor