Essential Addons for Elementor – Popular Elementor Templates & Widgets

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Description

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'register_user' function, which only blocks the 'administrator' role. This makes it possible for authenticated attackers, with author level access and above, to create new user accounts with elevated privileges such as editor.

Basic Information

ID CVE-2026-5193

Source Wordfence

Published May 14, 2026 at 06:44

Affected Product

Vendor wpdevteam

Product Essential Addons for Elementor – Popular Elementor Templates & Widgets

Affected Versions wpdevteam Essential Addons for Elementor – Popular Elementor Templates & Widgets 0

CWE Classification

CWE-269

References

{
    "lastseen": "",
    "description": "The Essential Addons for Elementor \u2013 Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'register_user' function, which only blocks the 'administrator' role. This makes it possible for authenticated attackers, with author level access and above, to create new user accounts with elevated privileges such as editor.",
    "published": "2026-05-14T06:44:10.076Z",
    "modified": "2026-05-14T06:44:10.076Z",
    "type": "cve",
    "title": "Essential Addons for Elementor \u2013 Popular Elementor Templates & Widgets <= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22930940-8e2c-446a-954c-90d617f3ca6d?source=cve\nhttps://plugins.trac.wordpress.org/changeset/3499726/essential-addons-for-elementor-lite/trunk/includes/Traits/Login_Registration.php",
    "id": "CVE-2026-5193",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "wpdevteam Essential Addons for Elementor \u2013 Popular Elementor Templates & Widgets 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Essential Addons for Elementor \u2013 Popular Elementor Templates & Widgets",
    "version": "0",
    "vendor": "wpdevteam",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user_CVE-2026-5193