Critical Vulnerability in King Addons Plugin Puts Thousands of WordPress Sites at Risk
A significant security vulnerability has been identified in the King Addons for Elementor plugin, a popular tool utilized by over 10,000 active WordPress installations. This flaw, designated as CVE-2025-8489 with a CVSS score of 9.8, enables unauthenticated attackers to escalate their privileges to administrator levels by manipulating the user role during the registration process.
Technical Details:
The root of this vulnerability lies in the plugin’s handle_register_ajax() function, which is responsible for managing user registrations. Because the function does not adequately restrict which role a newly registered user may receive, an attacker can send a request to the /wp-admin/admin-ajax.php endpoint that specifies the administrator role, and the resulting account is created with full administrative access without any prior authentication.
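As an added illustration of the vulnerability class described above (constructed for this article, not the plugin's actual code), the first handler below shows a registration handler that honors a client-supplied role, and the second shows the hardened form in which the server alone decides the role; handler names, request field names and the nonce action are assumptions.

```php
<?php
// Constructed example: NOT the plugin's real code. Both handlers assume they run
// inside WordPress (wp_insert_user, get_option, check_ajax_referer, etc. are core).

// VULNERABLE PATTERN: the role is taken straight from the request, so any
// unauthenticated caller of admin-ajax.php can ask for 'administrator'.
function vuln_handle_register_ajax() {
    $userdata = array(
        'user_login' => sanitize_user( wp_unslash( $_POST['username'] ?? '' ) ),
        'user_email' => sanitize_email( wp_unslash( $_POST['email'] ?? '' ) ),
        'user_pass'  => wp_unslash( $_POST['password'] ?? '' ),
        'role'       => sanitize_text_field( $_POST['role'] ?? 'subscriber' ), // attacker-controlled
    );
    $user_id = wp_insert_user( $userdata );
    wp_send_json( is_wp_error( $user_id ) ? $user_id->get_error_message() : $user_id );
}

// HARDENED PATTERN: the role is fixed server-side and the request field is ignored.
function safe_handle_register_ajax() {
    // Accept only requests carrying the nonce issued with the registration form
    // (hypothetical nonce action name).
    check_ajax_referer( 'example_register_nonce', 'nonce' );

    if ( ! get_option( 'users_can_register' ) ) {
        wp_send_json_error( 'Registration is disabled.', 403 );
    }

    // Use the site's configured default role, and additionally restrict it to a
    // fixed allow-list that can never contain an administrative role.
    $allowed = array( 'subscriber', 'customer' );
    $role    = get_option( 'default_role', 'subscriber' );
    if ( ! in_array( $role, $allowed, true ) ) {
        $role = 'subscriber';
    }

    $userdata = array(
        'user_login' => sanitize_user( wp_unslash( $_POST['username'] ?? '' ) ),
        'user_email' => sanitize_email( wp_unslash( $_POST['email'] ?? '' ) ),
        'user_pass'  => wp_unslash( $_POST['password'] ?? '' ),
        'role'       => $role, // $_POST['role'] is never consulted
    );
    $user_id = wp_insert_user( $userdata );
    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( $user_id->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'user_id' => $user_id ) );
}

// The nopriv hook makes the endpoint reachable without a session. Registration
// legitimately needs that, which is exactly why the role must not come from the request.
add_action( 'wp_ajax_nopriv_example_register', 'safe_handle_register_ajax' );
```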
Impact:
Exploitation of this vulnerability allows malicious actors to gain complete control over affected WordPress sites. With administrative privileges, they can modify site content, install malicious plugins, redirect visitors to harmful websites, and inject spam or malware. Such unauthorized access poses severe risks to site integrity, user data, and overall security.
Active Exploitation:
Since the public disclosure of this flaw in late October 2025, there has been a surge in exploitation attempts. Security firm Wordfence reported blocking over 48,400 attacks targeting this vulnerability, with 75 incidents thwarted in the past 24 hours alone. The attacks have been traced back to several IP addresses.
Reports indicate that attackers began targeting this vulnerability as early as October 31, 2025, with mass exploitation commencing on November 9, 2025.
Affected Versions and Patch:
The vulnerability affects King Addons for Elementor plugin versions from 24.12.92 through 51.1.14. The developers addressed this issue in version 51.1.35, released on September 25, 2025. Users are strongly advised to update to this version or later to mitigate the risk.
Recommendations for Site Administrators:
1. Immediate Update: Ensure that your King Addons for Elementor plugin is updated to version 51.1.35 or later.
2. Audit User Accounts: Review your site’s user accounts for any unauthorized administrators and remove them promptly.
3. Monitor Site Activity: Keep a vigilant eye on your site’s logs and activities for any unusual behavior or unauthorized changes.
4. Enhance Security Measures: Implement additional security controls, such as two-factor authentication, to bolster your site’s defenses.
By taking these proactive steps, site administrators can protect their WordPress installations from potential exploits and maintain the integrity and security of their websites.