CVE-2026-9018
HighSummary
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 1.4.5 via the `easyel_handle_register()` function. This is due to the lack of a key whitelist in the `wp_ajax_nopriv_eel_register` AJAX handler, allowing attackers to overwrite the `wp_capabilities` key and gain full administrator privileges.
Risk Assessment
The organization is at risk of unauthorized users registering accounts with full administrator privileges, potentially leading to serious security breaches. Specifically, if user registration is enabled, attackers can easily gain access to sensitive data.
Recommendation
It is recommended to update the plugin to the latest version to mitigate this vulnerability. Additionally, consider disabling user registration if it is not necessary.
Original NVD description (English source)
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the `easyel_handle_register()` function. This is due to the `wp_ajax_nopriv_eel_register` AJAX handler iterating the attacker-controlled `custom_meta` POST array and writing every supplied key-value pair to the newly created user's meta via `update_user_meta()` without any key whitelist or blocklist, allowing the `wp_capabilities` user meta key to be overwritten after `wp_insert_user()` has already assigned a safe role. This makes it possible for unauthenticated attackers to register a new account with full administrator-level privileges by supplying `custom_meta[wp_capabilities][administrator]=1`. Exploitation requires that user registration is enabled on the site and that at least one page exposes the Login/Register widget, which publishes the required `easy_elements_nonce` into the page DOM where it can be retrieved b

