CVE-2026-0920 | LA-Studio Element Kit for Elementor Plugin up to 1.5.6.3 on WordPress User Creation ajax_register_handle lakit_bkrole Remote Code Execution

Inserito da Angelo Barbosa | Gen 21, 2026 | CVE

A vulnerability categorized as critical has been discovered in LA-Studio Element Kit for Elementor Plugin up to 1.5.6.3 on WordPress. This vulnerability affects the function ajax_register_handle of the component User Creation Handler. Such manipulation of the argument lakit_bkrole leads to Remote Code Execution.

This vulnerability is traded as CVE-2026-0920. The attack may be launched remotely. There is no exploit available.

CVE-2026-0920 | LA-Studio Element Kit for Elementor Plugin up to 1.5.6.3 on WordPress User Creation ajax_register_handle lakit_bkrole Remote Code Execution

Post correlati

CVE-2025-26595 | Red Hat Enterprise Linux 6/7/8/9 X.org X11 Server/TigerVNC XkbVModMaskText stack-based overflow

CVE-2024-13599 | thimpress LearnPress Plugin up to 4.2.7.5 on WordPress cross site scripting

CVE-2025-20313 | Cisco IOS XE up to 17.17.1 path traversal (cisco-sa-secboot-UqFD8AvC)

CVE-2026-23522 | lobehub lobe-chat up to 2.0.0-next.193 knowledgeBase.removeFilesFromKnowledgeBase access control (GHSA-j7xp-4mg9-x28r)