Cybercriminals are actively exploiting a critical privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin, leading to unauthorized administrator account creation on WordPress sites. Security providers like Wordfence have blocked over 48,400 attempts, urging website owners to update to patched versions. #CVE-2025-8489 #KingAddons #WordPressSecurity
Key points
- Attackers exploited a critical flaw in King Addons that allows them to escalate privileges during user registration.
- Over 48,400 exploit attempts have been blocked shortly after the vulnerability’s disclosure.
- Updating to version 51.1.35 of King Addons mitigates the CVE-2025-8489 vulnerability.
- A separate vulnerability in the Advanced Custom Fields: Extended plugin enables remote code execution.
- Website owners should monitor logs for suspicious activity and apply updates promptly to prevent breaches.
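
A triage sketch for the last point, added here as an example and not taken from Wordfence or the plugin author: it checks an installed King Addons version against the fixed release named above and lists administrator accounts registered inside a review window. The CSV layout (as exported by `wp user list --fields=ID,user_login,user_registered,roles --format=csv`), the sample rows and the window start date are constructed assumptions.

```python
import csv
import io
from datetime import datetime

PATCHED = (51, 1, 35)  # fixed King Addons release named on this page

# Constructed sample export; real input would come from the site's own user list.
SAMPLE_USERS = """\
ID,user_login,user_registered,roles
1,siteowner,2021-03-14 09:12:40,administrator
7,editor_anna,2024-11-02 16:45:03,editor
42,wpsvc_8431,2025-11-09 03:17:55,administrator
43,shopper19,2025-11-10 11:02:10,subscriber
"""


def needs_update(installed: str) -> bool:
    """True if the installed version is older than the fixed release.

    Assumption: every release below the fixed one is treated as unpatched.
    """
    parts = tuple(int(p) for p in installed.strip().split("."))
    return parts < PATCHED


def new_admins(users_csv: str, since: str) -> list[dict]:
    """Return administrator accounts registered on or after `since` (YYYY-MM-DD)."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    hits = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        # A user can hold several roles; the export joins them with commas.
        roles = {r.strip() for r in row["roles"].split(",")}
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if "administrator" in roles and registered >= cutoff:
            hits.append(row)
    return hits


if __name__ == "__main__":
    print("update required:", needs_update("51.1.34"))
    # "2025-11-01" is a placeholder window start; use the date your review begins.
    for user in new_admins(SAMPLE_USERS, "2025-11-01"):
        print("review admin account:", user["ID"], user["user_login"], user["user_registered"])
```

Any account the second check returns that the site owner did not create should be treated as a possible compromise and investigated, not just deleted.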