CVE-2026-7284
Easy Elements · Easy Elements for Elementor
The Easy Elements for Elementor plugin is vulnerable to privilege escalation, allowing unauthenticated users to register as administrators.
Executive summary
A critical privilege escalation vulnerability in the Easy Elements for Elementor WordPress plugin allows unauthenticated attackers to gain administrative access to the site.
Vulnerability
The easyel_handle_register function fails to restrict user roles during registration. An unauthenticated attacker can supply the 'administrator' role during the registration process to gain full control.
Business impact
A CVSS score of 9.8 highlights the severity of this access control flaw. An attacker can register an administrative account, effectively taking over the entire WordPress site, which can lead to total data loss, site defacement, or the installation of backdoors.
Remediation
Immediate Action: Update the Easy Elements for Elementor plugin to the latest version. Check the vendor advisory for specific patch details.
Proactive Monitoring: Review the user list for any unauthorized administrator accounts created recently and check registration logs.
Compensating Controls: Disable site registration if not strictly required, or implement an approval process for new user accounts.
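Added example for the Proactive Monitoring step (not from the vendor or the plugin): a shell filter that takes a WP-CLI export of administrator accounts and flags any that were registered recently or are not on your list of expected administrators. The function names, the cutoff date, the expected-login list and the sample rows are constructed assumptions.

```shell
#!/bin/sh
# Added example: triage administrator accounts from a WP-CLI export.
# On the WordPress host the export would come from:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=csv

# flag_admins CUTOFF KNOWN
#   CUTOFF  YYYY-MM-DD; admins registered on or after this date are "recent"
#   KNOWN   comma-separated logins of the administrators you expect
# Reads the CSV on stdin; prints reason,ID,login,email,registered per finding.
# Assumption: no field contains a comma, so a plain split on "," is safe.
flag_admins() {
    awk -F',' -v cutoff="$1" -v known="$2" '
        BEGIN { n = split(known, k, ","); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        NR == 1 { next }                 # header row
        {
            gsub(/"/, "")                # CSV quotes the timestamp; strip them
            reason = ""
            if (!($2 in ok)) reason = "unknown-login"
            # user_registered is "YYYY-MM-DD HH:MM:SS", so the date part
            # sorts correctly as a string.
            if ((substr($4, 1, 10) "") >= (cutoff "")) {
                reason = (reason == "" ? "recent" : reason "+recent")
            }
            if (reason != "") print reason "," $1 "," $2 "," $3 "," $4
        }'
}

# Constructed sample export (not real data).
sample_export() {
    cat <<'EOF'
ID,user_login,user_email,user_registered
1,siteowner,owner@example.test,"2021-03-14 09:12:44"
7,webmaster,web@example.test,"2026-02-02 10:00:00"
42,svc_update,svc@example.test,"2026-02-03 03:17:09"
9,oldadmin,old@example.test,"2022-08-01 11:30:00"
EOF
}

sample_export | flag_admins 2026-02-01 "siteowner,webmaster"
```

An account flagged only as "recent" is a known login whose registration date still falls in the review window, so confirm it with its owner; "unknown-login" rows should be investigated regardless of age.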
Exploitation status
Public Exploit Available: false
Analyst recommendation
Administrative privilege escalation is one of the most critical vulnerabilities an application can face. Administrators must act immediately to update the plugin and perform a thorough audit of all existing user accounts to ensure no unauthorized administrators have been created.