Unauthorized Account Creation in LA-Studio Element Kit for Elementor Plugin
CVE-2026-12276
Currently unrated
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 10 July 2026
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2026-12276?
The LA-Studio Element Kit for Elementor WordPress plugin, prior to version 1.6.1, suffers from a security flaw where it permits unauthenticated users to register accounts even when user registration is disabled across the WordPress site. This vulnerability arises from the plugin's failure to verify the user registration settings before executing its AJAX actions, posing a risk by potentially allowing unauthorized access to the site.
Affected Version(s)
LA-Studio Element Kit for Elementor 0 < 1.6.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.