CVE Catalog

CVE-2026-7284

Critical
Published: Translated: NVD NIST

Summary

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to and including 1.4.4. The 'easyel_handle_register' function does not restrict user roles, allowing unauthenticated attackers to assign the 'administrator' role during registration.

Risk Assessment

Attackers can gain administrative access to the site, posing a serious threat to data security and system integrity.

Recommendation

It is recommended to update the plugin to the latest version and implement additional security measures in the user registration process.

Original NVD description (English source)

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyel_handle_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS