Vendor
A vulnerability (CVE-2026-15155) in the Essential Addons for Elementor WordPress plugin, specifically within its Login/Register widget, allows authenticated attackers with Contributor-level access or higher to achieve administrator account takeover by injecting an additional Bcc header into administrator password-reset notification emails.