Vulnerability in La-studio Element Kit For Elementor

CVE-2026-12276

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated atta…

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

  • Unknown La-studio Element Kit For Elementor — versions 0

References

Frequently asked questions

What is CVE-2026-12276?
CVE-2026-12276 is a medium-severity vulnerability in La-studio Element Kit For Elementor, classified under CWE-863 INCORRECT AUTHORIZATION. CVSS score: 5.3/10. Published 2026-07-10.
How severe is CVE-2026-12276?
Medium severity. CVSS v3 base score is 5.3 out of 10.