King Addons for Elementor critical unauthenticated flaws (multiple vulnerabilities)
Summary
King Addons for Elementor has two unauthenticated critical vulnerabilities affecting over 10,000 sites, creating a path to full site takeover if the plugin is not updated.
Timeline
30.10.2025 18:45 2 articles · 6mo ago
Two unauthenticated critical vulnerabilities affect King Addons for Elementor
Initial Disclosure: Patchstack identified two unauthenticated critical vulnerabilities in the King Addons for Elementor plugin used on over 10,000 sites: CVE-2025-6327 enables arbitrary file upload into web-accessible directories, and CVE-2025-6325 enables privilege escalation through the registration endpoint by accepting client-supplied roles. Under common configurations, the flaws can lead to full site takeover, and administrators are advised to update to version 51.1.37 and verify whether the King Addons Login | Register Form widget is active.
Sources:
- Critical Flaws Found in Elementor King Addons Affect 10,000 Sites — www.infosecurity-magazine.com — 30.10.2025 18:45