Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Network-reachable unauthenticated AJAX endpoint, no interaction needed; impact is solely unauthorized account creation with no confidentiality or availability effect.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
5DescriptionCVE.org
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide.
AnalysisAI
Unauthenticated account registration bypass in the LA-Studio Element Kit for Elementor WordPress plugin (all versions before 1.6.1) allows remote, unauthenticated attackers to create WordPress user accounts on sites where site-wide registration has been explicitly disabled by the administrator. The vulnerable component is an unauthenticated AJAX action handler that omits the standard WordPress registration-status check, effectively nullifying an administrative security control. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Two conditions must be met: the LA-Studio Element Kit for Elementor plugin (version below 1.6.1) must be installed and active, AND the WordPress site must have user registration disabled in Settings > General (the 'Anyone can register' checkbox unchecked) - the vulnerability is only meaningful when this restriction is intended to be enforced. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 5.3 Medium score (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) accurately reflects the low exploitation complexity and absence of an authentication barrier, while the I:L rating correctly captures the bounded integrity impact of creating a low-privileged subscriber account. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker identifies a WordPress site running LA-Studio Element Kit for Elementor (pre-1.6.1) where user registration has been disabled by the site owner. The attacker sends a crafted POST request directly to wp-admin/admin-ajax.php, specifying the vulnerable plugin AJAX action along with desired account credentials. … |
| Remediation | The primary remediation is to update the LA-Studio Element Kit for Elementor plugin to version 1.6.1 or later, which introduces the missing registration-status check in the vulnerable AJAX handler; the patch is available through the standard WordPress plugin repository. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Local File Inclusion in the LA-Studio Element Kit for Elementor WordPress plugin (all versions through 1.6.1) lets authe
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWr
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42829
GHSA-xcx5-6r38-3g5q