LA-Studio Element Kit for Elementor — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in LA-Studio Element Kit for Elementor, with AI-generated Chinese analysis, references, and POCs.

Vendor: choijun

CVE ID	Title	CVSS	Severity	Published
CVE-2026-24947	WordPress LA-Studio Element Kit for Elementor plugin < 1.5.6.3 - Broken Access Control vulnerability CWE-862	9.1^AI	Critical^AI	2026-02-03
CVE-2026-0920	LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter CWE-269	9.8	Critical	2026-01-22
CVE-2025-8360	LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CWE-79	6.4	Medium	2025-09-06
CVE-2025-4944	LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets CWE-79	6.4	Medium	2025-05-30
CVE-2025-4943	LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter CWE-79	6.4	Medium	2025-05-30
CVE-2025-3106	LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget CWE-79	6.4	Medium	2025-04-18
CVE-2025-32194	WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability CWE-79	6.5	Medium	2025-04-04
CVE-2023-50884	WordPress LA-Studio Element Kit for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability CWE-862	8.2	-	2024-12-09
CVE-2024-10787	LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure CWE-639	4.3	Medium	2024-12-04
CVE-2024-10873	LA-Studio Element Kit for Elementor <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion CWE-98	8.8	High	2024-11-23
CVE-2024-47628	WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.3 - Cross Site Scripting (XSS) vulnerability CWE-79	6.5	Medium	2024-10-05
CVE-2024-43210	WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.2 - Cross Site Scripting (XSS) vulnerability CWE-79	6.5	Medium	2024-08-12
CVE-2024-37479	WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Contributor+ Local File Inclusion vulnerability	8.5	High	2024-07-02
CVE-2024-5349	LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion CWE-22	8.8	High	2024-07-02
CVE-2024-35725	WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability CWE-862	4.3	Medium	2024-06-10
CVE-2024-4431	LA-Studio Element Kit for Elementor <= 1.3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter CWE-79	6.4	Medium	2024-05-23
CVE-2024-3005	LA-Studio Element Kit for Elementor <= 1.3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via LaStudioKit Post Author Widget CWE-79	6.4	Medium	2024-05-02
CVE-2024-2249	LA-Studio Element Kit for Elementor <= 1.3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79	6.4	Medium	2024-03-14

All 18 known CVE vulnerabilities affecting LA-Studio Element Kit for Elementor with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

LA-Studio Element Kit for Elementor — Vulnerabilities & Security Advisories 18