CVE-2026-12276
LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
10 Jul 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
Unknown · LA-Studio Element Kit for Elementor