King Addons for Elementor privilege escalation flaw (CVE-2025-8489, actively exploited)

Type: Vulnerability
Happening score: 43
2 unique sources, 2 articles

Summary

Active exploitation of CVE-2025-8489 in King Addons for Elementor creates an administrative-takeover risk for unpatched WordPress sites. The flaw lets unauthenticated attackers register as administrator through a crafted request to /wp-admin/admin-ajax.php. It affects versions 24.12.92 through 51.1.14 and was fixed in 51.1.35. Wordfence says it has already blocked over 48,400 exploit attempts since public disclosure in late October 2025.

Related Happenings

RondoDox botnet exploitation of XWiki CVE-2025-24893

Malware Activity
First: 15.11.2025 18:35 Last: 15.11.2025 18:35 Sources 1

About this happening: The **RondoDox** botnet has begun **targeting unpatched XWiki instances** through **CVE-2025-24893**, expanding its reach and putting vulnerable servers at risk of **botnet recrui...

Post SMTP CVE-2025-11833 exploitation wave

Exploitation Wave
First: 04.11.2025 23:46 Last: 04.11.2025 23:46 Sources 1

About this happening: **CVE-2025-11833** in the **Post SMTP** WordPress plugin is being actively exploited to hijack administrator accounts, putting **more than 400,000 sites** at risk of **full site c...

WordPress plugin exploitation wave (GutenKit and Hunk Companion)

Exploitation Wave
First: 24.10.2025 22:28 Last: 24.10.2025 22:28 Sources 1

About this happening: **WordPress** sites are facing a broad **exploitation wave** against **GutenKit** and **Hunk Companion** plugin flaws, with **Wordfence** blocking **8.7 million attack attempts**...

CISA KEV addition for Smartbedded Meteobridge CVE-2025-4008

Public Sector Action
First: 03.10.2025 11:23 Last: 03.10.2025 11:23 Sources 1

About this happening: CISA added **CVE-2025-4008** in **Smartbedded Meteobridge** to the **KEV catalog**, signaling **active exploitation** and requiring **FCEB agencies** to apply updates by **October...

Timeline

  1. 03.12.2025 19:08 2 articles · 5mo ago

    King Addons for Elementor patch release

    Mitigation Patch Update

    King Addons for Elementor maintainers released version 51.1.35 on September 25, 2025 to fix CVE-2025-8489, a critical privilege-escalation flaw affecting versions 24.12.92 through 51.1.14 that let unauthenticated attackers register as administrator.

  2. 03.12.2025 19:08 2 articles · 5mo ago

    Early targeting of vulnerable WordPress sites

    Exploitation Observed

    Attackers may have begun targeting WordPress sites with King Addons for Elementor as early as October 31, 2025 by abusing crafted registration requests to /wp-admin/admin-ajax.php to assign the administrator role.

  3. 03.12.2025 19:08 2 articles · 5mo ago

    Wordfence active-exploitation disclosure

    Initial Disclosure

    Wordfence publicly reported active exploitation of CVE-2025-8489 in King Addons for Elementor, explained that handle_register_ajax() failed to restrict registration roles, and said it had blocked over 48,400 exploit attempts since public disclosure in late October 2025.
