CVE-2026-0920

CRITICAL EXPLOITED

LA-Studio Element Kit - Privilege Escalation

Description

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site.

Exploits (4)

nomisec WORKING POC 4 stars
by John-doe-code-a11 · remote
https://github.com/John-doe-code-a11/CVE-2026-0920
nomisec WORKING POC 2 stars
by O99099O · remote
https://github.com/O99099O/By-Poloss..-..CVE-2026-0920
nomisec WORKING POC 1 star
by Galaxy-sc · remote
https://github.com/Galaxy-sc/CVE-2026-0920-WordPress-LA-Studio-Exploit
nomisec WORKING POC
by Nxploited · poc
https://github.com/Nxploited/CVE-2026-0920-

Scores

CVSS v3 9.8
EPSS 0.0006
EPSS Percentile 20.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2026-01-21
CWE CWE-269
Status published
Products (1)
choijun/LA-Studio Element Kit for Elementor < 1.5.6.3
Published Jan 22, 2026
Tracked Since Feb 18, 2026