Severity by source
CVSS 3.1 vector (NVD): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
Description (source: CVE.org)
The Essential Addons for Elementor - Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'register_user' function, which only blocks the 'administrator' role. This makes it possible for authenticated attackers, with author level access and above, to create new user accounts with elevated privileges such as editor.
Analysis (AI-generated)
Privilege escalation in Essential Addons for Elementor (all versions ≤ 6.5.13) allows authenticated WordPress users with Author-level access or above to create new accounts with elevated roles such as Editor by exploiting the plugin's register_user function, which applies an incomplete role denylist that blocks only 'administrator' while leaving other privileged roles unguarded. The network-accessible, low-complexity attack vector (AV:N/AC:L/PR:L) makes this realistic for any site with the plugin's registration widget exposed and populated with low-trust authors. …
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires an authenticated WordPress session with at minimum Author-level privileges, confirmed by CVSS PR:L (low-privilege authentication); unauthenticated exploitation is not supported by the attack vector. … |
| Risk Assessment | The CVSS 6.5 score is derived from AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N: network-accessible with low attack complexity and low privilege requirements, producing high integrity impact with no confidentiality or availability consequences. … |
| Exploit Scenario | An attacker holding a legitimate Author-level account on a WordPress site running Essential Addons for Elementor ≤ 6.5.13 with the front-end registration widget active submits a crafted POST request to the registration endpoint, specifying 'editor' as the desired role. Because `register_user` only blocks 'administrator', the request succeeds and creates a new Editor-level WordPress account under the attacker's control. … |
| Remediation | An upstream fix has been committed to the WordPress plugin SVN repository (changeset 3499726: https://plugins.trac.wordpress.org/changeset/3499726/essential-addons-for-elementor-lite/trunk/includes/Traits/Login_Registration.php); however, the exact released patched version number is not independently confirmed from available input data, and the patch version is inferred to be above 6.5.13. … |
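The root cause described above is a role denylist that names only 'administrator', so every other role string is accepted. The following PHP is an added illustration written for this page, not code from the Essential Addons plugin or from the linked changeset; the function names `role_via_denylist` and `role_via_allowlist` are hypothetical, and the sample requests are constructed. It places the denylist pattern beside the allowlist pattern a registration handler should use, where the requested role is only honoured if an administrator has explicitly enabled it for self-registration and everything else falls back to the site default (in WordPress, `get_option('default_role')`).

```php
<?php
// Added illustration (not the plugin's code): denylist vs allowlist role
// validation for a front-end registration form. Function names are hypothetical.

/**
 * Denylist pattern: the class of defect the advisory describes. Only
 * 'administrator' is rejected, so 'editor' or any other role name passes
 * through unchanged and ends up on the newly created account.
 */
function role_via_denylist(string $requested, string $default_role = 'subscriber'): string
{
    $blocked = ['administrator'];
    if (in_array($requested, $blocked, true)) {
        return $default_role;
    }
    return $requested;
}

/**
 * Allowlist pattern: the request may only choose among roles explicitly
 * enabled for self-registration ($allowed, configured by an administrator).
 * Unknown, privileged, or oddly-cased names never reach the user table;
 * they are replaced by the site default role.
 */
function role_via_allowlist(string $requested, array $allowed, string $default_role = 'subscriber'): string
{
    $requested = strtolower(trim($requested));
    if (in_array($requested, $allowed, true)) {
        return $requested;
    }
    return $default_role;
}

// Constructed sample requests: an ordinary sign-up, a request asking for
// 'editor', a case/whitespace variant, and a role name from a third-party plugin.
$allowed_for_self_registration = ['subscriber', 'contributor'];
foreach (['subscriber', 'editor', 'Editor ', 'shop_manager'] as $requested) {
    printf(
        "%-15s denylist => %-13s allowlist => %s\n",
        var_export($requested, true),
        role_via_denylist($requested),
        role_via_allowlist($requested, $allowed_for_self_registration)
    );
}
```

Running the script shows the denylist version returning 'editor' and 'shop_manager' verbatim while the allowlist version maps every non-enabled request to 'subscriber'. For sites that ran an affected version, a quick audit of accounts created through registration with unexpected roles can be done with WP-CLI, for example `wp user list --role=editor --fields=ID,user_login,user_registered`, and comparing the registration dates against the period the widget was exposed.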
External POC / Exploit Code
- EUVD-2026-30248
- GHSA-xr97-92r9-j322