Vulnerabilities

CVE-2026-0920 - LA-Studio Element Kit for Elementor <= 1.5.6.3 - unauthenticated privilege escala...

2026-01-22 0 views admin

CVE ID : CVE-2026-0920 Published : Jan. 22, 2026, 7:15 a.m. | 37 minutes ago Description : The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-0920

Severity

CRITICAL

Published

Jan. 22, 2026

Affected Product: WordPress

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-0920criticalwordpress

CVE-2026-0920 - LA-Studio Element Kit for Elementor <= 1.5.6.3 - unauthenticated privilege escala...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-24038 - Horilla HR has 2FA Bypass through its OTP Handling Logic

CVE-2026-24037 - Horilla HRM has XSS Bypass through Project Name

CVE-2026-24036 - Horilla Exposes Unpublished Job Disclosures through Unauthenticated API

CVE-2026-24042 - Appsmith public apps can execute unpublished actions (viewMode confusion)

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3