Description
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site.
Published: 2026-01-22
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation to Administrator
Action: Immediate Patch
AI Analysis

Impact

The LA‑Studio Element Kit for Elementor plugin allows unauthenticated users to create accounts with any role through the 'ajax_register_handle' function. By supplying the 'lakit_bkrole' parameter, an attacker can invoke this endpoint to add a new administrator without being logged in, granting full control over the WordPress site. The vulnerability arises from the absence of role validation, enabling creation of privileged accounts that bypass normal security checks.

Affected Systems

This flaw affects the WordPress plugin LA‑Studio Element Kit for Elementor distribution from the vendor choijun. All releases up to and including version 1.5.6.3 are impacted, regardless of the WordPress core or theme configuration.

Risk and Exploitability

The CVSS score of 9.8 classifies this issue as Critical, with an EPSS of less than 1% indicating low but nonzero likelihood of exploitation. The bug is not listed in the CISA KEV catalog. Attackers can trigger the vulnerability via an unauthenticated POST request to the plugin’s AJAX endpoint, supplying an arbitrary value for 'lakit_bkrole', typically 'administrator'. No privileged access or network restrictions are required, making this a straightforward privilege escalation route.

Generated by OpenCVE AI on April 15, 2026 at 19:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the LA‑Studio Element Kit for Elementor plugin to version 1.5.6.4 or later, which applies the necessary role validation.
  • If an immediate update is not possible, disable the susceptible AJAX endpoint by blocking requests to 'admin-ajax.php?action=ajax_register_handle' through web server rules or a firewall.
  • After mitigation, audit existing user accounts for any unapproved administrator accounts that may have been created during the vulnerability exposure and remove them.

Generated by OpenCVE AI on April 15, 2026 at 19:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Choijun
Choijun la-studio-element-kit-for-elementor
Wordpress
Wordpress wordpress
Vendors & Products Choijun
Choijun la-studio-element-kit-for-elementor
Wordpress
Wordpress wordpress

Thu, 22 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 22 Jan 2026 07:00:00 +0000

Type Values Removed Values Added
Description The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site.
Title LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Choijun La-studio-element-kit-for-elementor
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:57:54.646Z

Reserved: 2026-01-13T19:56:37.679Z

Link: CVE-2026-0920

cve-icon Vulnrichment

Updated: 2026-01-22T15:19:52.754Z

cve-icon NVD

Status : Deferred

Published: 2026-01-22T07:15:50.813

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0920

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T19:15:12Z

Weaknesses