CVE-2026-0920

Publication date

2026-01-22 06:47:19

Family

Wordfence

State

PUBLISHED

Description

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the ajax_register_handle function not restricting which user roles a user can register with. This makes it possible for unauthenticated attackers to supply the lakit_bkrole parameter during registration and gain administrator access to the site.