PatchSiren

themewant CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL themewant CVE published 2026-06-26

CVE-2026-56028

CVE-2026-56028 is a critical unauthenticated privilege escalation vulnerability in Easy Elements for Elementor – Addons & Website Templates versions up to and including 1.4.9. The vulnerability has a CVSS score of 9.8 and is considered critical. The CVE was published on June 26, 2026, and last modified on June 29, 2026. The vulnerability allows an attacker to escalate privileges without authentication, po [truncated]

HIGH themewant CVE published 2026-05-22

CVE-2026-9018

CVE-2026-9018 affects the Easy Elements for Elementor – Addons & Website Templates WordPress plugin through version 1.4.5. The supplied vulnerability description says the plugin’s public registration flow can write attacker-controlled custom meta into a newly created user account, which can overwrite sensitive fields such as wp_capabilities and turn the account into an administrator. The exposure depends [truncated]

CRITICAL themewant CVE published 2026-05-20

CVE-2026-7284

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress contains a critical privilege escalation vulnerability in versions up to and including 1.4.4. The `easyel_handle_register` function fails to restrict user roles during registration, allowing unauthenticated attackers to specify arbitrary roles including 'administrator' during account creation. This grants immediate administr [truncated]