CVE-2026-27983
Received Received - Intake
Incorrect Privilege Assignment in LMS Elementor Pro Enables Escalation

Publication date: 2026-03-05

Last updated on: 2026-03-06

Assigner: Patchstack

Description
Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through <= 1.0.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27983
EUVD
EUVD-2026-9653
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
designthemes lms_elementor_pro to 1.0.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-27983 is a high-severity privilege escalation vulnerability in the WordPress LMS Elementor Pro Plugin versions up to and including 1.0.4.

This vulnerability is classified under OWASP Top 10 A1: Broken Access Control and allows an unauthenticated attacker with low privileges to escalate their access rights to higher privileges.

By exploiting this issue, an attacker can potentially gain full control over the affected website.

Impact Analysis

The vulnerability allows attackers to escalate their privileges from low or unauthenticated access to higher privileges, potentially gaining full control over the affected website.

This can lead to unauthorized actions such as modifying website content, accessing sensitive data, or disrupting website operations.

Given the CVSS score of 9.8, the risk of exploitation is critical and the impact on affected systems can be severe.

Compliance Impact

I don't know

Detection Guidance

There is no specific information provided about commands or methods to detect this vulnerability on your network or system.

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Since no official patch is currently available for CVE-2026-27983, immediate mitigation involves applying the mitigation rule released by Patchstack to block attacks exploiting this vulnerability.'}, {'type': 'paragraph', 'content': 'Users are strongly advised to implement this mitigation immediately to protect their sites.'}, {'type': 'paragraph', 'content': "Additionally, using Patchstack's automated vulnerability mitigation and continuous security monitoring can help safeguard WordPress sites against such threats."}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27983. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart