Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Vulnerability Keyword

Date Range

Severity

Format

Upgrade Package

Data export is locked. Upgrade your package to enable filtering and downloading.

← Back to CVE List

CVE-2026-0920NVD

Description

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site.

Severity Level

CRITICAL (9.8)

Published Date

22/01/2026

Last Modified

26/01/2026

Exploitation Status

UNKNOWN

References

https://plugins.trac.wordpress.org/browser/lastudio-element-kit/tags/1.5.6.3/includes/integrations/override.php#L301
https://plugins.trac.wordpress.org/changeset/3439121/lastudio-element-kit
https://www.wordfence.com/threat-intel/vulnerabilities/id/65ebc744-6cc2-47ce-b225-81820e49d59c?source=cve

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

Advanced Threat Data Export

CVE-2026-0920NVD

Description

References