top of page
perceptive_background_267k.jpg

Critical flaw in WordPress add-on for Elementor exploited in attacks

Published:

3 December 2025 at 21:31:20

Alert date:

5 December 2025 at 08:03:23

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Attackers are actively exploiting a critical privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress. The flaw allows attackers to gain administrative permissions during the user registration process. This is a critical severity vulnerability that is being exploited in live attacks against WordPress sites using this popular Elementor add-on plugin.

Technical details

Mitigation steps:

Affected products:

WordPress
King Addons for Elementor
Elementor

Related links:

https://www.bleepingcomputer.com/news/security/critical-flaw-in-wordpress-add-on-for-elementor-exploited-in-attacks/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page