MEDIUM
LA‑Studio
CVE published 2026-07-10
CVE-2026-12276
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 has a vulnerability that allows unauthenticated attackers to create new accounts on a site even when user registration is disabled. This is possible because the plugin does not check the site's registration status before allowing account creation through its AJAX actions. Administrators of WordPress sites using the LA-Studio Element Kit [truncated]