CVE-2026-7284

Name of the Vulnerable Software and Affected Versions Easy Elements for Elementor – Addons & Website Templates versions prior to 1.4.5

Description The plugin allows unauthenticated attackers to gain administrator access to a site through privilege escalation during user registration. This occurs because the easyel handle register() function fails to restrict the user roles that can be assigned during the registration process, enabling an attacker to specify the administrator role.

Recommendations Update the plugin to a version later than 1.4.4. As a temporary workaround, restrict access to the user registration functionality until the update is applied.