CVE-2026-7284
CriticalSummary
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to and including 1.4.4. The 'easyel_handle_register' function does not restrict user roles, allowing unauthenticated attackers to assign the 'administrator' role during registration.
Risk Assessment
Attackers can gain administrative access to the site, posing a serious threat to data security and system integrity.
Recommendation
It is recommended to update the plugin to the latest version and implement additional security measures in the user registration process.
Original NVD description (English source)
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyel_handle_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

