WordPress Plugin Vulnerabilities

King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation

Description

The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.

Affects Plugins

Plugin icon
king-addons
Fixed in 51.1.35

References

CVE
CVE-2025-8489
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/a1bb2b06-9a3b-4428-8624-26a1202fe3b0

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Peter Thaleikis
Verified
No
WPVDB ID
7db705c8-8dc6-4a0e-a0db-49d69794863c

Timeline

Publicly Published
2025-10-30 (about 7 months ago)
Added
2025-10-30 (about 7 months ago)
Last Updated
2025-11-24 (about 6 months ago)

Other

Published
Title
Published
2019-09-07
Title
Search Exclude < 1.2.4 - Arbitrary Settings Change
Published
2022-09-13
Title
WPGateway <= 3.5 - Unauthenticated Privilege Escalation
Published
2020-05-28
Title
bbPress 2.6-2.6.5 - Authenticated Privilege Escalation via the Super Moderator feature
Published
2026-03-02
Title
User Registration & Membership < 5.1.3 - Unauthenticated Privilege Escalation via Membership Registration
Published
2021-06-28
Title
ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation