A critical zero-day vulnerability in the King Addons for Elementor WordPress plugin, tracked as CVE-2025-8489, has been actively exploited in the wild, allowing attackers to escalate privileges and potentially take over admin accounts. The flaw, which affects versions 24.12.92 to 51.1.14, has a CVSS score of 9.8, underscoring its severity.
The vulnerability stems from improper role restrictions within the plugin, enabling unauthorized users to register with elevated privileges. This privilege escalation flaw, categorized under CWE-269, has been exploited before its disclosure, marking it as a zero-day with a TTE of -0.3 days. The exploitation allows attackers to gain administrative access to WordPress sites using the plugin, posing significant risks to over 4,000 active installations.
An exploit for this vulnerability is already available, increasing the urgency for site administrators to address the issue. The Exploit Prediction Scoring System (EPSS) assigns it a score of 0.493, indicating a moderate likelihood of exploitation, though the active exploitation in the wild suggests a higher immediate risk.
Administrators using the affected versions of the King Addons plugin are urged to disable it immediately and apply any available patches or updates. The SSVC (Stakeholder-Specific Vulnerability Categorization) recommends immediate attention to mitigate potential damage. As the vulnerability allows for complete site takeover, swift action is crucial to protect sensitive data and maintain site integrity.
CSURFACE