Esta página ainda não foi traduzida para o seu idioma. Exibindo conteúdo em inglês enquanto trabalhamos nisso.
💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.
CVE-2026-5193: Privilege Escalation in Essential Addons for Elementor
Plataforma
wordpress
Componente
essential-addons-for-elementor-lite
Corrigido em
6.6.0
CVE-2026-5193 describes a privilege escalation vulnerability discovered in the Essential Addons for Elementor plugin for WordPress. An attacker with author-level access or higher can exploit this flaw to create new user accounts with elevated privileges, such as the 'editor' role. This vulnerability impacts versions 0.0.0 through 6.5.13 of the plugin and has been resolved in version 6.6.0.
Detecte esta CVE no seu projeto
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Impacto e Cenários de Ataquetraduzindo…
The primary impact of CVE-2026-5193 is the potential for unauthorized privilege escalation within a WordPress site. An attacker, already possessing author or higher access, can leverage this vulnerability to create new user accounts with editor or administrator privileges. This grants them the ability to modify content, install plugins, change site settings, and potentially compromise the entire WordPress installation. The blast radius extends to any data accessible by the newly created privileged user, including sensitive information stored in the database or accessible through plugins. This vulnerability shares similarities with other privilege escalation flaws where insufficient role validation allows for unauthorized access elevation.
Contexto de Exploraçãotraduzindo…
CVE-2026-5193 was published on 2026-05-14. Its severity is currently assessed as medium. Public proof-of-concept (POC) code is not yet widely available, but the vulnerability's nature suggests that a POC is likely to emerge. There are no indications of active exploitation campaigns targeting this vulnerability at this time. Refer to the official WordPress security advisory for further details and updates.
Inteligência de Ameaças
Status do Exploit
CISA SSVC
Vetor CVSS
O que significam essas métricas?
- Attack Vector
- Rede — explorável remotamente pela internet. Sem acesso físico ou local necessário.
- Attack Complexity
- Baixa — sem condições especiais. O atacante pode explorar de forma confiável.
- Privileges Required
- Baixo — qualquer conta de usuário válida é suficiente.
- User Interaction
- Nenhuma — ataque automático e silencioso. A vítima não faz nada.
- Scope
- Inalterado — impacto limitado ao componente vulnerável.
- Confidentiality
- Nenhum — sem impacto na confidencialidade.
- Integrity
- Alto — o atacante pode escrever, modificar ou excluir qualquer dado.
- Availability
- Nenhum — sem impacto na disponibilidade.
Software Afetado
Classificação de Fraqueza (CWE)
Linha do tempo
- Reservado
- Publicada
Mitigação e Soluções Alternativastraduzindo…
The recommended mitigation for CVE-2026-5193 is to immediately upgrade the Essential Addons for Elementor plugin to version 6.6.0 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily restricting user creation privileges to administrators only through WordPress user management settings. While not a complete fix, this can limit the attacker's ability to exploit the vulnerability. Monitor WordPress logs for suspicious user creation activity, specifically looking for new users being created with elevated roles. After upgrading, verify the fix by attempting to create a new user with author privileges and confirming that the creation fails with an appropriate error message.
Como corrigir
Atualize para a versão 6.6.0, ou uma versão corrigida mais recente
Perguntas frequentestraduzindo…
What is CVE-2026-5193 — Privilege Escalation in Essential Addons for Elementor?
CVE-2026-5193 is a medium severity vulnerability in Essential Addons for Elementor allowing attackers with author access to create users with editor privileges, potentially gaining control of the WordPress site.
Am I affected by CVE-2026-5193 in Essential Addons for Elementor?
You are affected if you are using Essential Addons for Elementor versions 0.0.0 through 6.5.13. Upgrade to version 6.6.0 to resolve the issue.
How do I fix CVE-2026-5193 in Essential Addons for Elementor?
Upgrade the Essential Addons for Elementor plugin to version 6.6.0 or later. As a temporary workaround, restrict user creation privileges to administrators only.
Is CVE-2026-5193 being actively exploited?
There are currently no indications of active exploitation campaigns targeting CVE-2026-5193, but a public POC is likely to emerge.
Where can I find the official Essential Addons for Elementor advisory for CVE-2026-5193?
Refer to the official WordPress security advisory and the Essential Addons for Elementor website for the latest information and updates regarding CVE-2026-5193.
Seu projeto está afetado?
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Detecte esta CVE no seu projeto
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Escaneie seu projeto WordPress agora — sem conta
Faça upload de qualquer manifesto (composer.lock, package-lock.json, lista de plugins WordPress…) ou cole sua lista de componentes. Receba um relatório de vulnerabilidades instantaneamente. Fazer upload de um arquivo é só o começo: com uma conta, você obtém monitoramento contínuo, alertas por Slack/email, relatórios multiprojeto e white-label.
Arraste e solte seu arquivo de dependências
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...