CVE-2026-5193

CVE Database · CVE-2026-5193

CVE-2026-5193

· MEDIUMDeferred

CVSS v3.1

6.5

EPSS

0.18%

Published

May 14, 2026

Modified

May 14, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'register_user' function, which only blocks the 'administrator' role. This makes it possible for authenticated attackers, with author level access and above, to create new user accounts with elevated privileges such as editor.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-269

References (2)

https://plugins.trac.wordpress.org/changeset/3499726/essential-addons-for-elementor-lite/trunk/includes/Traits/Login_Registration.php

https://www.wordfence.com/threat-intel/vulnerabilities/id/22930940-8e2c-446a-954c-90d617f3ca6d?source=cve

KEV Catalog EPSS Scores Vendors All CVEs