A critical vulnerability in the WordPress plugin King Addons for Elementor has been actively exploited, allowing attackers to escalate privileges and potentially take control of affected websites. Site owners should update to the latest version and monitor for unusual activity to prevent malicious attacks. #CVE-2025-8489 #KingAddons #WordPressPlugins
Key points
- The vulnerability CVE-2025-8489 affects multiple versions of the King Addons for Elementor plugin.
- Unauthenticated attackers can register as administrators by exploiting insufficient restriction of the role assigned during registration.
- The flaw is rooted in the handle_register_ajax() function, which improperly handles role assignment.
- Since disclosure, over 48,400 exploit attempts have been blocked, indicating active targeting.
- Administrators should update the plugin, audit for suspicious activities, and monitor their sites closely.
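For the audit step above, an added example (not from the original article or the plugin's code) that reviews administrator accounts exported with WP-CLI's `wp user list --role=administrator --format=csv`. The sample rows, the approved-admin list and the cutoff date are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample (not real data) in the shape produced by:
#   wp user list --role=administrator --format=csv \
#     --fields=ID,user_login,user_email,user_registered
SAMPLE_CSV = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2021-03-14 09:12:44
7,editor_jane,jane@example.com,2025-11-02 17:40:03
31,old_contractor,contractor@example.org,2022-08-19 11:02:30
52,wp_support1,wp_support1@example.net,2025-11-09 03:21:57
"""

# Assumptions for this example: the owner's approved admin logins and the
# date from which new administrator registrations should be treated as suspect.
KNOWN_ADMINS = {"siteowner", "editor_jane"}
WINDOW_START = datetime(2025, 10, 31)


def audit_admins(csv_text, known_admins, window_start):
    """Return [(login, [reasons])] for administrator accounts needing review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        registered = datetime.strptime(row["user_registered"],
                                       "%Y-%m-%d %H:%M:%S")
        # An admin nobody approved is suspect regardless of its age.
        if row["user_login"] not in known_admins:
            reasons.append("not on approved admin list")
        # Any admin created during the exposure window deserves a second look,
        # because the flaw lets a new registration obtain the admin role.
        if registered >= window_start:
            reasons.append("registered inside exposure window")
        if reasons:
            findings.append((row["user_login"], reasons))
    return findings


if __name__ == "__main__":
    for login, reasons in audit_admins(SAMPLE_CSV, KNOWN_ADMINS, WINDOW_START):
        print(f"REVIEW {login}: {', '.join(reasons)}")
```

Accounts flagged for both reasons are the strongest candidates for removal and for a follow-up review of what they changed on the site.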
Read More: https://thehackernews.com/2025/12/wordpress-king-addons-flaw-under-active.html