Critical King Addons Vulnerability Exploited to Hack WordPress Sites

Critical King Addons Vulnerability Exploited to Hack WordPress Sites

Posted on By CWS

Risk actors have been hacking WordPress web sites by exploiting a latest King Addons for Elementor vulnerability, Defiant studies.

Tracked as CVE-2025-8489 (CVSS rating of 9.8), the critical-severity bug is described as a privilege escalation difficulty that enables attackers to acquire administrative privileges.

The vulnerability impacts variations 24.12.92 to 51.1.14. King Addons for Elementor’s maintainers patched the difficulty in model 51.1.35 of the plugin, which was launched on September 25.

Roughly a month later, menace actors began concentrating on the CVE in assaults, and Defiant has noticed roughly 50,000 exploit makes an attempt thus far.

The safety gap, Defiant explains, exists as a result of the plugin’s operate that handles registrations was carried out insecurely.

This enables “unauthenticated attackers to specify their position with none restrictions, which suggests they may grant themselves the administrator position,” Defiant says.

Profitable exploitation of the King Addons for Elementor vulnerability, the WordPress safety agency notes, results in full website compromise, as soon as an attacker has administrator privileges.

By taking up a website, an attacker may add malicious information or modify content material to redirect customers to malicious websites.Commercial. Scroll to proceed studying.

“Our menace intelligence signifies that attackers could have began actively concentrating on this vulnerability as early as October thirty first, 2025 with mass exploitation beginning on November ninth, 2025,” Defiant says.

King Addons for Elementor has over 10,000 energetic installs. In line with WordPress statistics, hundreds of internet sites are nonetheless working a weak iteration of the plugin.

Customers are suggested to replace to King Addons for Elementor model 51.1.35 or newer as quickly as doable.

Associated: Microsoft Silently Mitigated Exploited LNK Vulnerability

Associated: Chrome 143 Patches Excessive-Severity Vulnerabilities

Associated: Exploited ‘Put up SMTP’ Plugin Flaw Exposes WordPress Websites to Takeover

Associated: 12 months-Previous WordPress Plugin Flaws Exploited to Hack Web sites

Security Week News Tags:, , , , , , ,

Related Posts

Allianz Life Data Breach Impacts Most of 1.4 Million US Customers Allianz Life Data Breach Impacts Most of 1.4 Million US Customers Security Week News
Endpoint Security Firm Remedio Raises Million in First Funding Round Endpoint Security Firm Remedio Raises $65 Million in First Funding Round Security Week News
GPT-5 Has a Vulnerability: Its Router Can Send You to Older, Less Safe Models GPT-5 Has a Vulnerability: Its Router Can Send You to Older, Less Safe Models Security Week News
In Other News: Norway Dam Hacked, 7M Data Breach Settlement, UNFI Attack Update In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update Security Week News
Tenzai Raises Million in Seed Funding to Build AI-Powered Pentesting Platform Tenzai Raises $75 Million in Seed Funding to Build AI-Powered Pentesting Platform Security Week News
Cisco Patches Vulnerability Exploited by Chinese Hackers Cisco Patches Vulnerability Exploited by Chinese Hackers Security Week News