Essential Addons For Elementor Popular Elementor Templates Widgets
Privilege escalation in Essential Addons for Elementor (all versions ≤ 6.5.13) allows authenticated WordPress users with Author-level access or above to create new accounts with elevated roles such as Editor by exploiting the plugin's `register_user` function, which applies an incomplete role denylist that blocks only 'administrator' while leaving other privileged roles unguarded. The network-accessible, low-complexity attack vector (AV:N/AC:L/PR:L) makes this realistic for any site that exposes the plugin's registration widget and has low-trust authors. No public exploit has been identified at the time of analysis and CISA KEV status is absent, but the plugin's broad WordPress deployment increases aggregate exposure.
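The denylist weakness described above, contrasted with an allowlist, as an added example that is not the plugin's own code. The function names, the sample role list and the `$allowed` site setting are assumptions made for illustration.

```php
<?php
// Illustrative only: hypothetical helper names, not the plugin's source.

// Constructed sample: WordPress's five built-in roles.
const SAMPLE_ROLES = ['administrator', 'editor', 'author', 'contributor', 'subscriber'];

/**
 * Denylist check of the kind the advisory describes: only 'administrator'
 * is rejected, so every other privileged role passes through.
 */
function role_passes_denylist(string $requested): bool
{
    return strtolower(trim($requested)) !== 'administrator';
}

/**
 * Allowlist check: the requested role is honoured only if the site owner
 * explicitly enabled it for registration; anything else gets the default.
 *
 * @param string[] $allowed Roles enabled for registration (assumed setting).
 */
function resolve_role_allowlist(string $requested, array $allowed, string $default = 'subscriber'): string
{
    $requested = strtolower(trim($requested));
    return in_array($requested, $allowed, true) ? $requested : $default;
}

$allowed = ['subscriber', 'contributor']; // constructed site configuration

// Compare both checks for every sample role.
foreach (SAMPLE_ROLES as $role) {
    printf(
        "%-13s denylist: %-8s allowlist assigns: %s\n",
        $role,
        role_passes_denylist($role) ? 'accepted' : 'rejected',
        resolve_role_allowlist($role, $allowed)
    );
}
```

The denylist accepts `editor` and `author` unchanged, while the allowlist downgrades any role the site owner did not enable to the default.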