WordPress King Addons Flaw Under Active Attack

A critical security vulnerability in the WordPress plugin King Addons for Elementor is being actively exploited. The flaw, tracked as CVE-2025-8489 with a CVSS score of 9.8, allows attackers to escalate their privileges without authentication. By exploiting it, attackers can create new user accounts with administrative rights simply by specifying the administrator role during the registration process.

This WordPress King Addons flaw poses a serious risk to websites using the affected plugin. Since the exploit does not require any prior authentication, it opens the door for unauthorized users to gain full control over the targeted WordPress site. Once an attacker has administrative access, they can manipulate site content, install malicious code, or even lock out legitimate administrators.

Details of the WordPress King Addons Flaw and Its Impact

The vulnerability lies in the way King Addons for Elementor handles user registration. Normally, user roles are assigned based on strict rules and permissions set by the site administrators. However, due to this flaw, attackers can bypass these controls by directly specifying the administrator role during the registration process. This results in the creation of new accounts with the highest level of privileges on the site.

Because the flaw allows privilege escalation without any authentication, it is particularly dangerous. Attackers do not need to have any existing account or credentials on the site to exploit it. This makes the vulnerability easy to abuse and increases the likelihood of widespread attacks against websites using the affected plugin.

Mitigation and Recommendations for WordPress Users

Website owners using King Addons for Elementor should treat this flaw as urgent. Check the installed version of the plugin and apply any available security patches or updates released by the developers. Keeping plugins up to date is essential to protect against known vulnerabilities.

Until a fix is applied, administrators should monitor their user registration logs closely for any suspicious activity. Any unexpected creation of accounts with administrative privileges should be investigated immediately. Additionally, restricting user registration or implementing additional verification steps can help reduce the risk of exploitation.
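One way to carry out the account review described above, as an added example that is not from the original article or the plugin's developers: it parses the CSV printed by WP-CLI's `wp user list` for the administrator role and flags accounts that are not on an allowlist or were registered after a last-known-good date. The sample rows, the allowlist and the baseline date are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample of the CSV printed by:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=csv
SAMPLE_CSV = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2021-03-14 09:12:44
7,jane_admin,jane@example.com,2023-08-02 16:40:10
19,new_hire,hire@example.com,2025-10-06 11:05:31
42,wpsupport_x,tmp123@example.net,2025-11-30 03:17:09
"""

# Assumptions for illustration: admins the site owner expects to exist, and
# the date of the last review at which the admin list was known to be good.
KNOWN_ADMINS = {"siteowner", "jane_admin", "new_hire"}
BASELINE = datetime(2025, 1, 1)


def find_unexpected_admins(csv_text, known_admins, baseline):
    """Return administrator rows that need review, each with its reasons."""
    known = {name.lower() for name in known_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # WordPress stores user_registered as 'YYYY-MM-DD HH:MM:SS' (UTC).
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if row["user_login"].lower() not in known:
            reasons.append("not in allowlist")
        if registered > baseline:
            reasons.append("registered after baseline")
        if reasons:
            findings.append({"id": int(row["ID"]), "login": row["user_login"],
                             "registered": registered, "reasons": reasons})
    # Unknown accounts first, then newest first within each group.
    findings.sort(key=lambda f: ("not in allowlist" not in f["reasons"],
                                 -f["registered"].timestamp()))
    return findings


if __name__ == "__main__":
    for f in find_unexpected_admins(SAMPLE_CSV, KNOWN_ADMINS, BASELINE):
        print(f'{f["id"]:>4}  {f["login"]:<14} {f["registered"]}  {", ".join(f["reasons"])}')
```

An allowlisted account registered after the baseline is still reported, so a legitimate new administrator is confirmed once and then the baseline is moved forward.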

In summary, the WordPress King Addons flaw CVE-2025-8489 represents a high-severity security issue that allows unauthenticated attackers to gain administrative access. Website owners must act quickly to secure their sites by updating the plugin and monitoring for signs of compromise. Failure to do so could result in complete site takeover and significant damage.


By Futurete

My name is Go Ka, and I’m the founder and editor of Future Technology X, a news platform focused on AI, cybersecurity, advanced computing, and future digital technologies. I track how artificial intelligence, software, and modern devices change industries and everyday life, and I turn complex tech topics into clear, accurate explanations for readers around the world.