๐Ÿ” CVE Alert

CVE-2026-12276

MEDIUM 5.3

LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide.

Vendor unknown
Product la-studio element kit for elementor
Published Jul 10, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for unknown la-studio element kit for elementor

Be the first to know when new medium vulnerabilities affecting unknown la-studio element kit for elementor are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / LA-Studio Element Kit for Elementor
0 < 1.6.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/0c77a001-2773-4727-a873-848f5670fb96/

Credits

Mike Gozdiskowski WPScan