
Essential Addons for Elementor EUVD-2026-30248

CVE-2026-5193 MEDIUM
Improper Privilege Management (CWE-269)
2026-05-14 Wordfence GHSA-xr97-92r9-j322
6.5 CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: High
  • Availability: None

Lifecycle Timeline

  • Analysis Generated: Jun 08, 2026 - 10:55 (vuln.today)
  • CVE Published: May 14, 2026 - 06:44 (nvd)

Description (CVE.org)

The Essential Addons for Elementor - Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'register_user' function, which only blocks the 'administrator' role. This makes it possible for authenticated attackers, with author level access and above, to create new user accounts with elevated privileges such as editor.

Analysis (AI)

Privilege escalation in Essential Addons for Elementor (all versions ≤ 6.5.13) allows authenticated WordPress users with Author-level access or above to create new accounts with elevated roles such as Editor by exploiting the plugin's register_user function, which applies an incomplete role denylist that blocks only 'administrator' while leaving other privileged roles unguarded. The network-accessible, low-complexity attack vector (AV:N/AC:L/PR:L) makes this realistic for any site with the plugin's registration widget exposed and populated with low-trust authors. …
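The description and analysis above both turn on the same defect: a denylist that names a single role. The following is an added illustration, not code from the plugin or from the changeset referenced in the remediation section, of that denylist shape beside an allowlist-based role validation of the kind a registration handler should use. Function names, the permitted-role list and the fallback default role are assumptions; the WordPress calls are guarded so the file also runs stand-alone from the CLI.

```php
<?php
// Added example: allowlist-based role validation for a front-end registration
// handler. Not the plugin's code; function names and the permitted-role list
// are assumptions. WordPress calls are guarded so this runs stand-alone.

// The only roles a registration form may ever assign. Everything else,
// including 'editor', is refused regardless of what the request contains.
const REGISTRATION_ALLOWED_ROLES = ['subscriber', 'contributor'];

/**
 * Shape of the flawed check described above (constructed, not the plugin's
 * source): a denylist that names one role lets every other role through.
 */
function denylist_role(string $requested): ?string
{
    $role = strtolower(trim($requested));
    return $role === 'administrator' ? null : $role; // 'editor' passes
}

/**
 * Hardened check: returns the role to assign, or null to reject the request.
 */
function allowlist_role(string $requested): ?string
{
    // Site-configured default role when running inside WordPress; assumed
    // 'subscriber' otherwise.
    $default = function_exists('get_option')
        ? (string) get_option('default_role', 'subscriber')
        : 'subscriber';

    $role = strtolower(trim($requested));
    if ($role === '') {
        $role = $default; // empty field falls back to the default role
    }

    // Allowlist: reject anything not explicitly permitted.
    if (!in_array($role, REGISTRATION_ALLOWED_ROLES, true)) {
        return null;
    }

    // Defence in depth inside WordPress: the role must exist, and a logged-in
    // submitter must hold 'create_users' before any role other than the
    // default is honoured (an Author does not hold that capability).
    if (function_exists('wp_roles') && !wp_roles()->is_role($role)) {
        return null;
    }
    if (function_exists('is_user_logged_in') && is_user_logged_in()
        && $role !== $default && !current_user_can('create_users')) {
        return null;
    }
    return $role;
}

// Stand-alone demonstration with constructed form values.
if (PHP_SAPI === 'cli') {
    foreach (['subscriber', 'editor', 'administrator', ' Editor '] as $req) {
        printf("%-16s denylist=%-14s allowlist=%s\n",
            var_export($req, true),
            var_export(denylist_role($req), true),
            var_export(allowlist_role($req), true));
    }
}
```

Run with `php example.php`: the denylist variant returns 'editor' for both 'editor' and ' Editor ', while the allowlist variant returns null for every value other than the permitted ones. The design point is that the set of assignable roles is fixed in code and never derived from the request, so adding a new privileged role to the site cannot silently widen what the form can grant.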


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Obtain Author-level account on target WordPress site
  • Delivery: Identify active Essential Addons registration form widget
  • Exploit: Craft registration POST request specifying elevated role (e.g., editor)
  • Execution: Submit request to bypass incomplete administrator-only blocklist
  • Persist: New Editor-level account created successfully
  • Impact: Use escalated account to manipulate or inject site content

Vulnerability Assessment (AI)

Exploitation: Exploitation requires an authenticated WordPress session with at minimum Author-level privileges - confirmed by CVSS PR:L (low-privilege authentication); unauthenticated exploitation is not supported by the attack vector. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 6.5 score is derived from AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N - network-accessible with low attack complexity and low privilege requirements, producing high integrity impact with no confidentiality or availability consequences. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker holding a legitimate Author-level account on a WordPress site running Essential Addons for Elementor ≤ 6.5.13 with the front-end registration widget active submits a crafted POST request to the registration endpoint, specifying 'editor' as the desired role. Because `register_user` only blocks 'administrator', the request succeeds and creates a new Editor-level WordPress account under the attacker's control. …

Remediation: An upstream fix has been committed to the WordPress plugin SVN repository (changeset 3499726: https://plugins.trac.wordpress.org/changeset/3499726/essential-addons-for-elementor-lite/trunk/includes/Traits/Login_Registration.php); however, the exact released patched version number is not independently confirmed from available input data - the patch version is inferred to be above 6.5.13. … Detailed patch versions, workarounds, and compensating controls in full report.
