CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

120 matches found

Tenable Nessus•added 2026/02/18 12:0 a.m.•8 views

WordPress Plugin 'LA Studio Element Kit for Elementor' < 1.6.0 Unauthenticated Privilege Escalation via Backdoor

The WordPress application running on the remote host has a version of the 'LA Studio Element Kit for Elementor' plugin that is prior to 1.6.0. It is, therefore, affected by an unauthenticated privilege escalation vulnerability. The plugin contains a backdoor that allows unauthenticated attackers ...

9.8CVSS5.9AI score0.00066EPSS

Exploits4References3

RedhatCVE•added 2026/02/04 7:28 p.m.•2 views

CVE-2026-24947

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.5.6.3...

4.3CVSS5.3AI score0.00037EPSS

Exploits0References1

NVD•added 2026/02/03 3:16 p.m.•5 views

CVE-2026-24947

4.3CVSS0.00037EPSS

Exploits0References1

ATTACKERKB•added 2026/02/03 2:8 p.m.•2 views

CVE-2026-24947

5.3AI score0.00037EPSS

Exploits0References2

CVE•added 2026/02/03 2:8 p.m.•6 views

CVE-2026-24947

The CVE-2026-24947 affects WordPress plugin LA-Studio Element Kit for Elementor (LA-Studio Element Kit). Affected versions are prior to 1.5.6.3. The issue is a broken access control due to a missing authorization check, allowing exploitation via insufficient access controls. Remediation is to upg...

4.3CVSS5.3AI score0.00037EPSS

Exploits0References1

EUVD•added 2026/02/03 2:8 p.m.•4 views

EUVD-2026-5217

4.3CVSS5.3AI score0.00037EPSS

Exploits0References1

Cvelist•added 2026/02/03 2:8 p.m.•21 views

CVE-2026-24947 WordPress LA-Studio Element Kit for Elementor plugin < 1.5.6.3 - Broken Access Control vulnerability

4.3CVSS0.00037EPSS

Exploits0References1

Vulnrichment•added 2026/02/03 2:8 p.m.•4 views

CVE-2026-24947 WordPress LA-Studio Element Kit for Elementor plugin < 1.5.6.3 - Broken Access Control vulnerability

4.3CVSS5.3AI score0.00037EPSS

Exploits0References1

CNNVD•added 2026/02/03 12:0 a.m.•3 views

WordPress plugin LA-Studio Element Kit for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

4.3CVSS5.8AI score0.00037EPSS

Exploits0References1

Positive Technologies•added 2026/02/03 12:0 a.m.•4 views

PT-2026-6220

Name of the Vulnerable Software and Affected Versions LA-Studio Element Kit for Elementor versions prior to 1.5.6.3 Description An issue exists in LA-Studio Element Kit for Elementor related to incorrectly configured access control security levels, potentially allowing unauthorized access. The...

4.3CVSS5.4AI score0.00037EPSS

Exploits0References2

Patchstack•added 2026/02/02 8:14 a.m.•5 views

WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.3.8.1...

8.8CVSS5.3AI score0.00487EPSS

Exploits0References1Affected Software1

GithubExploit•added 2026/01/25 2:4 p.m.•154 views

Exploit for CVE-2026-0920

CVE-2026-0920 Advanced Mass Exploiter Una...

9.8CVSS5.6AI score0.00066EPSS

Exploits4

NVD•added 2026/01/22 7:15 a.m.•6 views

CVE-2026-0920

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajaxregisterhandle' function not restricting what user roles a user can register with. This makes it possible for...

9.8CVSS0.00066EPSS

Exploits4References3

CVE•added 2026/01/22 6:47 a.m.•32 views

CVE-2026-0920

CVE-2026-0920 affects the WordPress plugin “LA-Studio Element Kit for Elementor” (≤ 1.5.6.3). The root cause is a missing role restriction in the AJAX registration handler (ajax_register_handle), which lets unauthenticated users supply the lakit_bkrole parameter and create an administrator accoun...

9.8CVSS5.5AI score0.00066EPSS

In wildExploits4References3

CNNVD•added 2026/01/22 12:0 a.m.•2 views

WordPress plugin LA-Studio Element Kit for Elementor has a security vulnerability

9.8CVSS6AI score0.00066EPSS

Exploits4References3

Positive Technologies•added 2026/01/22 12:0 a.m.•8 views

PT-2026-3919

Name of the Vulnerable Software and Affected Versions LA-Studio Element Kit for Elementor versions through 1.5.6.3 Description The LA-Studio Element Kit for Elementor plugin for WordPress is susceptible to unauthorized administrative user creation. This occurs because the ajax register handle...

9.8CVSS6AI score0.00066EPSS

Exploits4References18

Patchstack•added 2026/01/21 6:56 p.m.•13 views

WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter vulnerability

Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakitbkrole parameter vulnerability discovered by WordFence in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.5.6.3...

9.8CVSS5.5AI score0.00066EPSS

Exploits4References1Affected Software1

Wordfence Blog•added 2026/01/21 6:12 p.m.•9 views

20,000 WordPress Sites Affected by Backdoor Vulnerability in LA-Studio Element Kit for Elementor WordPress Plugin

On January 12th, 2026, we received a submission for a Backdoor vulnerability in the LA-Studio Element Kit for Elementor, a WordPress plugin with more than 20,000+ active installations. This vulnerability makes it possible for an unauthenticated attacker to create malicious administrator users...

9.8CVSS5.6AI score0.00066EPSS

Exploits4