The Essential Addons for Elementor plugin for WordPress is vulnerable to a security risk in versions up to and including 4.6.4. This risk is caused by a lack of restrictions around who can add a registration form and a custom registration role to an Elementor created page. This can be exploited by attackers who have access to the Elementor page builder. They can create a new registration form and set the user role to administrator. This way, they can register as an admin user.