Primary

Context

Essential Addons for Elementor Privilege Escalation Vulnerability

Vulnerability

Patched

A privilege escalation vulnerability exists in the Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress, affecting all versions through 6.5.13. The issue arises from inadequate role validation in the 'register_user' function, which only prevents the 'administrator' role from being assigned. This flaw allows authenticated attackers with author-level access or higher to create new user accounts with elevated privileges, such as editor rights.

Impact

Exploitation of this vulnerability allows authenticated users with author-level access to create new user accounts with editor privileges, thereby escalating their rights and access within the WordPress site.

Remediation

Users are advised to update the Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin to version 6.6.0 or later.

Added: May 14, 2026, 7:31 AM

Updated: May 14, 2026, 7:31 AM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.3

exploitability

6.1

remediation

7.7

relevance

8.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.3

exploitability

6.1

remediation

7.7

relevance

8.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Essential Addons for Elementor Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Essential Addons for Elementor

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating