Attackers Actively Exploiting Critical Vulnerability in King Addons for Elementor Plugin

On July 24th, 2025, we received a submission for a Privilege Escalation vulnerability in King Addons for Elementor, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by specifying the administrator user role during registration. The vendor released the patched version on September 25th, 2025, and we originally disclosed this vulnerability in the Wordfence Intelligence vulnerability database on October 30th, 2025. Our records indicate that attackers started exploiting the issue the next day, on October 31st, 2025. The Wordfence Firewall has already blocked over 48,400 exploit

Click here to continue reading this article.

István Márton

Author archive

December 3, 2025

Plugins, Threat Research, Vulnerabilities, Wordfence Intelligence, WordPress Blogs, WordPress Plugin Vulnerability News December 2025, WordPress Security, WordPress Security News December 2025

Comments are closed.

Up ↑

Your WordPress News Dashboard

Attackers Actively Exploiting Critical Vulnerability in King Addons for Elementor Plugin

István Márton

Latest posts

Text widget

Sponsored by WP Mayor

Latest posts

Built with WP RSS Aggregator