Skip to main content

LA-Studio Element Kit EUVDEUVD-2026-42829

| CVE-2026-12276 MEDIUM
2026-07-10 WPScan GHSA-xcx5-6r38-3g5q
5.3
CVSS 3.1 · Vendor: WPScan
Share

Severity by source

Vendor (WPScan) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
5.3 MEDIUM

Network-reachable unauthenticated AJAX endpoint, no interaction needed; impact is solely unauthorized account creation with no confidentiality or availability effect.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (WPScan).

CVSS VectorVendor: WPScan

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

5
Analysis Generated
Jul 10, 2026 - 12:23 vuln.today
CVSS changed
Jul 10, 2026 - 12:22 NVD
5.3 (MEDIUM)
Patch available
Jul 10, 2026 - 08:01 EUVD
CVE Published
Jul 10, 2026 - 06:00 cve.org
MEDIUM 5.3
CVE Published
Jul 10, 2026 - 06:00 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide.

AnalysisAI

Unauthenticated account registration bypass in the LA-Studio Element Kit for Elementor WordPress plugin (all versions before 1.6.1) allows remote, unauthenticated attackers to create WordPress user accounts on sites where site-wide registration has been explicitly disabled by the administrator. The vulnerable component is an unauthenticated AJAX action handler that omits the standard WordPress registration-status check, effectively nullifying an administrative security control. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site with plugin installed
Delivery
Send unauthenticated POST to wp-admin/admin-ajax.php
Exploit
Invoke vulnerable AJAX action
Execution
Bypass registration-disabled policy check
Impact
Obtain unauthorized subscriber-level WordPress account

Vulnerability AssessmentAI

Exploitation Two conditions must be met: the LA-Studio Element Kit for Elementor plugin (version below 1.6.1) must be installed and active, AND the WordPress site must have user registration disabled in Settings > General (the 'Anyone can register' checkbox unchecked) - the vulnerability is only meaningful when this restriction is intended to be enforced. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 5.3 Medium score (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) accurately reflects the low exploitation complexity and absence of an authentication barrier, while the I:L rating correctly captures the bounded integrity impact of creating a low-privileged subscriber account. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker identifies a WordPress site running LA-Studio Element Kit for Elementor (pre-1.6.1) where user registration has been disabled by the site owner. The attacker sends a crafted POST request directly to wp-admin/admin-ajax.php, specifying the vulnerable plugin AJAX action along with desired account credentials. …
Remediation The primary remediation is to update the LA-Studio Element Kit for Elementor plugin to version 1.6.1 or later, which introduces the missing registration-status check in the vulnerable AJAX handler; the patch is available through the standard WordPress plugin repository. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42829 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy