Description
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site.
Published: 2026-01-22
Score: 9.8 Critical
EPSS: 1.1% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The LA‑Studio Element Kit for Elementor plugin allows unauthenticated users to create accounts with any role through the 'ajax_register_handle' function. By supplying the 'lakit_bkrole' parameter, an attacker can invoke this endpoint to add a new administrator without being logged in, granting full control over the WordPress site. The vulnerability arises from the absence of role validation, enabling creation of privileged accounts that bypass normal security checks.

Affected Systems

This flaw affects the WordPress plugin LA‑Studio Element Kit for Elementor distribution from the vendor choijun. All releases up to and including version 1.5.6.3 are impacted, regardless of the WordPress core or theme configuration.

Risk and Exploitability

The CVSS score of 9.8 classifies this issue as Critical, with an EPSS of 1% indicating low but nonzero likelihood of exploitation. The bug is not listed in the CISA KEV catalog. Attackers can trigger the vulnerability via an unauthenticated POST request to the plugin’s AJAX endpoint, supplying an arbitrary value for 'lakit_bkrole', typically 'administrator'. No privileged access or network restrictions are required, making this a straightforward privilege escalation route.

Generated by OpenCVE AI on June 18, 2026 at 05:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the LA‑Studio Element Kit for Elementor plugin to version 1.5.6.4 or later, which enforces role validation and mitigates the CWE‑269 privilege escalation flaw.
  • If an immediate update is not possible, block unauthenticated POST requests to 'admin-ajax.php?action=ajax_register_handle' via web‑server rules or a firewall, thereby preventing exploitation of the CWE‑269 vulnerability.
  • After mitigation, audit existing user accounts for any unapproved administrator accounts that may have been created during the vulnerability exposure, and remove them.

Generated by OpenCVE AI on June 18, 2026 at 05:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Choijun
Choijun la-studio-element-kit-for-elementor
Wordpress
Wordpress wordpress
Vendors & Products Choijun
Choijun la-studio-element-kit-for-elementor
Wordpress
Wordpress wordpress

Thu, 22 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 22 Jan 2026 07:00:00 +0000

Type Values Removed Values Added
Description The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site.
Title LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Choijun La-studio-element-kit-for-elementor
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:57:54.646Z

Reserved: 2026-01-13T19:56:37.679Z

Link: CVE-2026-0920

cve-icon Vulnrichment

Updated: 2026-01-22T15:19:52.754Z

cve-icon NVD

Status : Deferred

Published: 2026-01-22T07:15:50.813

Modified: 2026-06-17T10:11:38.037

Link: CVE-2026-0920

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T05:45:02Z

Weaknesses
  • CWE-269

    Improper Privilege Management