HIGH
themewant
CVE published 2026-05-22
CVE-2026-9018
CVE-2026-9018 affects the Easy Elements for Elementor – Addons & Website Templates WordPress plugin through version 1.4.5. The supplied vulnerability description says the plugin’s public registration flow can write attacker-controlled custom meta into a newly created user account, which can overwrite sensitive fields such as wp_capabilities and turn the account into an administrator. The exposure depends [truncated]