CVE-2026-12276
LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide.
| Vendor | unknown |
| Product | la-studio element kit for elementor |
| Published | Jul 10, 2026 |
| Last Updated | Jul 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown la-studio element kit for elementor
Be the first to know when new medium vulnerabilities affecting unknown la-studio element kit for elementor are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / LA-Studio Element Kit for Elementor
0 < 1.6.1
References
Credits
Mike Gozdiskowski WPScan