What the vulnerability does
01Description
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through < 1.5.6.3.
Explanation of Vulnerability in Simple Terms
02Summary
LA-Studio Element Kit for Elementor versions up to 1.5.6.3 lack proper authorization checks, allowing authenticated users to access sensitive information they should not be able to view. An attacker with a low-privilege account can read data intended for higher-privilege users. Update to a version newer than 1.5.6.3 to resolve this issue.
What an attacker can do
03Attacker Capabilities
Read sensitive information accessible only to higher-privilege users.
Potential impact on your site
04Site Impact
User data and site information may be exposed to low-privilege account holders who should not have access.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege authenticated account on the WordPress site.
Key dates
06Disclosure timeline
February 3, 2026
CVE published
April 28, 2026
Record updated