Privilege Escalation in King Addons for Elementor Plugin by WordPress
CVE-2025-8489

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: King Addons For Elementor – 4,000+ Ready Elementor Sections, 650+ Templates, 70+ Free Widgets For Elementor
Vendor: CVE Published:; 31 October 2025

What is CVE-2025-8489?

The King Addons for Elementor plugin for WordPress contains a vulnerability that allows unauthenticated users to register as administrator-level accounts due to improper role restrictions. This flaw, found in versions 24.12.92 to 51.1.14, poses significant risks to website security, enabling attackers to gain elevated privileges and potentially take over affected sites. Website owners using this plugin should review updates and apply necessary patches to mitigate the risk.

Affected Version(s)

King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor * <= 51.1.14

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/king-addons/ta...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2025
Vulnerability Reserved
Aug 1, 2025

Credit

Peter Thaleikis

JSON