WordPress Plugin Vulnerabilities

LA-Studio Element Kit for Elementor < 1.6.0 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter

Description

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site.

Affects Plugins

Plugin icon
lastudio-element-kit
Fixed in 1.6.0

References

CVE
CVE-2026-0920
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/65ebc744-6cc2-47ce-b225-81820e49d59c

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Athiwat Tiprasaharn (Jitlada), Itthidej Aramsri (Boeing777), Waris Damkham
Verified
No
WPVDB ID
e7016d20-6272-4acb-9ab2-1b7103204575

Timeline

Publicly Published
2026-01-21 (about 5 months ago)
Added
2026-01-21 (about 5 months ago)
Last Updated
2026-01-22 (about 5 months ago)

Other

Published
Title
Published
2026-04-10
Title
BuddyPress Groupblog < 1.9.4 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR
Published
2023-06-19
Title
MStore API < 3.9.9 - Unauthenticated Privilege Escalation
Published
2025-03-06
Title
InWave Jobs <= 3.5.1 - Unauthenticated Privilege Escalation
Published
2020-04-28
Title
LearnPress < 3.2.6.9 - Privilege Escalation to "LP Instructor"
Published
2025-02-28
Title
Exertio Framework < 1.3.2 - Unauthenticated Arbitrary User Password Update