Critical severity9.8NVD Advisory· Published May 20, 2026· Updated May 20, 2026
CVE-2026-7284
CVE-2026-7284
Description
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyel_handle_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.4.4
Patches
Vulnerability mechanics
References
3News mentions
1- Wordfence Intelligence Weekly WordPress Vulnerability Report (May 18, 2026 to May 24, 2026)Wordfence Blog · May 28, 2026