top of page

WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

3 december 2025 om 17:08:00

thehackernews.com

A critical security flaw (CVE-2025-8489) in the WordPress King Addons for Elementor plugin is under active exploitation. The vulnerability has a CVSS score of 9.8 and allows unauthenticated attackers to grant themselves administrative privileges by specifying the administrator user role during registration. This privilege escalation flaw enables attackers to create admin accounts without authentication, posing a significant threat to WordPress sites using the affected plugin.

Related links:

https://thehackernews.com/2025/12/wordpress-king-addons-flaw-under-active.html

Related CVE's:

CVE-2025-8489

Related threat actors:

No threat actors found in this article

Affected products:

WordPress King Addons for Elementor

IOC's:

No IOCs found in this article

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page