CVE-2026-56028 is a critical unauthenticated privilege escalation vulnerability in Easy Elements for Elementor – Addons & Website Templates versions up to and including 1.4.9. The vulnerability has a CVSS score of 9.8 and is considered critical. The CVE was published on June 26, 2026, and last modified on June 29, 2026. The vulnerability allows an attacker to escalate privileges without authentication, po [truncated]
CVE-2026-9018 affects the Easy Elements for Elementor – Addons & Website Templates WordPress plugin through version 1.4.5. The supplied vulnerability description says the plugin’s public registration flow can write attacker-controlled custom meta into a newly created user account, which can overwrite sensitive fields such as wp_capabilities and turn the account into an administrator. The exposure depends [truncated]
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress contains a critical privilege escalation vulnerability in versions up to and including 1.4.4. The `easyel_handle_register` function fails to restrict user roles during registration, allowing unauthenticated attackers to specify arbitrary roles including 'administrator' during account creation. This grants immediate administr [truncated]