Skip to main content

Easy Elements for Elementor CVE-2026-9018

| EUVD-2026-31410 HIGH
Improper Privilege Management (CWE-269)
2026-05-22 Wordfence GHSA-jvg6-x4cw-2wj7
WordPress Privilege Escalation
8.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 22, 2026 - 05:16 vuln.today

DescriptionNVD

The Easy Elements for Elementor - Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the easyel_handle_register() function. This is due to the wp_ajax_nopriv_eel_register AJAX handler iterating the attacker-controlled custom_meta POST array and writing every supplied key-value pair to the newly created user's meta via update_user_meta() without any key whitelist or blocklist, allowing the wp_capabilities user meta key to be overwritten after wp_insert_user() has already assigned a safe role. This makes it possible for unauthenticated attackers to register a new account with full administrator-level privileges by supplying custom_meta[wp_capabilities][administrator]=1. Exploitation requires that user registration is enabled on the site and that at least one page exposes the Login/Register widget, which publishes the required easy_elements_nonce into the page DOM where it can be retrieved by any unauthenticated visitor via a simple GET request.

AnalysisAI

Unauthenticated privilege escalation in the Easy Elements for Elementor WordPress plugin through version 1.4.5 allows remote attackers to register administrator accounts by abusing an unchecked custom_meta parameter in the eel_register AJAX handler. The flaw lets attackers overwrite the wp_capabilities user meta after wp_insert_user() has assigned a safe role, granting full site takeover. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

24 hours: Deactivate and remove the Easy Elements for Elementor plugin from all WordPress installations. 7 days: Audit WordPress administrator account creation logs and metadata changes; investigate any wp_capabilities modifications for unauthorized privilege elevation post-deployment. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-7862 HIGH POC
8.6 May 28

Unauthenticated refund abuse in the Eupago Gateway for WooCommerce WordPress plugin before 4.7.2 lets remote attackers t
CVE-2026-6960 CRITICAL
9.8 May 21

Unauthenticated arbitrary file upload in the BookingPress Pro WordPress plugin (versions ≤5.6) enables remote code execu
CVE-2026-8760 CRITICAL
9.8 May 27

Authentication bypass in the Login with OTP plugin for WordPress (all versions up to and including 1.6) lets unauthentic
CVE-2026-42727 CRITICAL
9.3 May 27

Blind SQL injection in the RealMag777 'Active Products Tables for WooCommerce' WordPress plugin (versions up to and incl
CVE-2026-42761 CRITICAL
9.3 May 27

Blind SQL injection in the RealMag777 "Active Products Tables for WooCommerce" WordPress plugin (all versions up to and

Share

CVE-2026-9018 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy