PT-2026-3919

🗓️ 22 Jan 2026 00:00:00Reported by Positive TechnologiesType

LA-Studio Element Kit plugin for WordPress lets unauthenticated users register as administrators via ajax register handle up to 1.5.6.3.

Reporter	Title	Published	Views	Family All 19
GithubExploit	Mephisto	21 May 202605:06	–	githubexploit
GithubExploit	Exploit for CVE-2026-0920	18 Apr 202619:43	–	githubexploit
GithubExploit	Exploit for CVE-2026-0920	22 Jan 202619:33	–	githubexploit
GithubExploit	Exploit for CVE-2026-0920	25 Jan 202614:04	–	githubexploit
ATTACKERKB	CVE-2026-0920	22 Jan 202606:47	–	attackerkb
Circl	CVE-2026-0920	22 Jan 202607:43	–	circl
CNNVD	WordPress plugin LA-Studio Element Kit for Elementor has a security vulnerability	22 Jan 202600:00	–	cnnvd
CVE	CVE-2026-0920	22 Jan 202606:47	–	cve
Cvelist	CVE-2026-0920 LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter	22 Jan 202606:47	–	cvelist
EUVD	EUVD-2026-4169	22 Jan 202606:47	–	euvd

Source	Link
twitter	www.twitter.com/vuldb/status/2014322931980226865
twitter	www.twitter.com/ThreatSynop/status/2014800073712861295
plugins	www.plugins.trac.wordpress.org/browser/lastudio-element-kit/tags/1.5.6.3/includes/integrations/override.php
twitter	www.twitter.com/cracbot/status/2016103990120087902
t	www.t.me/CVEtracker/42747
twitter	www.twitter.com/ThreatSynop/status/2015736277207785979
plugins	www.plugins.trac.wordpress.org/changeset/3439121/lastudio-element-kit
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/65ebc744-6cc2-47ce-b225-81820e49d59c
twitter	www.twitter.com/CVEnew/status/2014232534230471144
twitter	www.twitter.com/MNovofastovsky/status/2022360369683939356

13 Feb 2026 00:00Current

6Medium risk

Vulners AI Score6

CVSS 3.19.8

EPSS0.00066

SSVC