vulnerability

WordPress Plugin: ultimate-elementor: CVE-2020-13125: Incorrect User Management

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

May 6, 2020

Added

May 15, 2025

Modified

May 5, 2026

Description

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.

Solution

ultimate-elementor-plugin-cve-2020-13125

References

https://www.cve.org/CVERecord?id=CVE-2020-13125
https://www.wordfence.com/threat-intel/vulnerabilities/id/71e2db7c-53a7-4b17-b00a-ce71a00bf546?source=api-prod
https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-5401
CVE-2020-13125
https://attackerkb.com/topics/CVE-2020-13125
EUVD-EUVD-2020-5401

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report