A popular WordPress Elementor plugin, King Addons, was found to contain critical security flaws that allow full site takeover. The vulnerabilities include an arbitrary file upload flaw and a privilege escalation issue, both exploitable without authentication. #KingAddons #WordPressSecurity
Key points
- The King Addons for Elementor plugin has two critical unauthenticated vulnerabilities.
- One flaw allows arbitrary file uploads, risking unauthorized file placement on sites.
- The second flaw enables privilege escalation by creating administrator accounts via registration endpoints.
- The plugin developers released updates addressing these vulnerabilities in version 51.1.37.
- Site admins are advised to verify widget activity and update immediately to prevent exploitation.
Read More: https://www.infosecurity-magazine.com/news/critical-flaws-elementor-king/