GHSA-g9hj-8c87-gmj8
GitHub Security Advisory
⚠ Unreviewed
HIGH
Has CVE
Advisory Details
The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user.
Related CVEs
Key Information
7.5
/10
Dataset
Last updated: September 12, 2025 6:34 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.