Description
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through < 1.5.6.3.
Published: 2026-02-03
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access to plugin data and configuration
Action: Assess
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the LA‑Studio Element Kit for Elementor WordPress plugin. Attackers who can reach the plugin’s administration pages may obtain access to restricted settings or data that should be limited to privileged users. The flaw is a classic missing or incorrect access control, identified as CWE‑862, and could expose configuration information or modify content without proper permissions.

Affected Systems

WordPress installations using the LA‑Studio Element Kit for Elementor plugin with versions prior to 1.5.6.3 are affected. The impact applies to all users who can interact with the plugin’s administrative interface in those versions.

Risk and Exploitability

The CVSS score of 4.3 indicates a low‑to‑medium severity, and the EPSS score of less than 1% suggests a very low probability of exploitation at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through exploitation of improperly configured access control within the plugin’s admin area; it is inferred that an adversary would need access to a user account in the WordPress installation that has sufficient privileges to view or modify the plugin’s settings, unless the plugin itself accepts unauthenticated requests to privileged endpoints.

Generated by OpenCVE AI on April 16, 2026 at 17:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the LA‑Studio Element Kit for Elementor plugin to version 1.5.6.3 or later to apply the vendor‑supplied fix.
  • Configure WordPress role‑based access control so that only administrators or designated high‑privilege roles can access the plugin’s administration pages, and verify capability checks on every endpoint exposed by the plugin.
  • Deploy a web application firewall that enforces authentication and validates user capabilities on all requests to the plugin’s privileged URLs, logging any unauthorized attempts.

Generated by OpenCVE AI on April 16, 2026 at 17:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 04 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared La-studioweb
La-studioweb element Kit For Elementor
Wordpress
Wordpress wordpress
Vendors & Products La-studioweb
La-studioweb element Kit For Elementor
Wordpress
Wordpress wordpress

Tue, 03 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 03 Feb 2026 14:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through < 1.5.6.3.
Title WordPress LA-Studio Element Kit for Elementor plugin < 1.5.6.3 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

La-studioweb Element Kit For Elementor
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:14:32.424Z

Reserved: 2026-01-28T09:50:29.517Z

Link: CVE-2026-24947

cve-icon Vulnrichment

Updated: 2026-02-03T17:11:55.811Z

cve-icon NVD

Status : Deferred

Published: 2026-02-03T15:16:15.880

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24947

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T17:45:27Z

Weaknesses