{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72442?format=json","vulnerability_id":"VCID-fktj-5m15-5kbq","summary":"The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyel_handle_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.","aliases":[{"alias":"CVE-2026-7284"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7284","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27066","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7284"},{"reference_url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/32b6ccfe-a659-41e4-9cec-146f4f910071?source=cve","reference_id":"32b6ccfe-a659-41e4-9cec-146f4f910071?source=cve","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:12:23Z/"}],"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/32b6ccfe-a659-41e4-9cec-146f4f910071?source=cve"},{"reference_url":"https://plugins.trac.wordpress.org/browser/easy-elements/tags/1.4.0/widgets/login-register/class.login-register.php#L62","reference_id":"class.login-register.php#L62","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:12:23Z/"}],"url":"https://plugins.trac.wordpress.org/browser/easy-elements/tags/1.4.0/widgets/login-register/class.login-register.php#L62"},{"reference_url":"https://plugins.trac.wordpress.org/changeset/3534530/easy-elements#file728","reference_id":"easy-elements#file728","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:12:23Z/"}],"url":"https://plugins.trac.wordpress.org/changeset/3534530/easy-elements#file728"}],"weaknesses":[{"cwe_id":269,"name":"Improper Privilege Management","description":"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor."}],"exploits":[],"severity_range_score":"9.8 - 9.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fktj-5m15-5kbq"}