King Addons Catastrophe: WordPress Sites Fall Prey to Admin Hijack Flaw

Hackers tapping into a King Addons flaw (CVE-2025-8489) are turning anyone into a WordPress admin faster than you can say “cybersecurity meltdown.” The exploit, with a CVSS score of 9.8, is being actively abused, allowing attackers to create admin accounts and wreak havoc on over 10,000 websites. Update urgently!

Hot Take:

Who needs a key to the kingdom when you can just waltz in through the King Addons plugin door? In a twist of irony worthy of Shakespeare, a plugin meant to enhance your WordPress site’s pageantry is now offering hackers a royal invitation to take over. It’s like handing out crowns at a Halloween party — only these crowns come with admin privileges!

Key Points:

  • A critical vulnerability (CVE-2025-8489) in King Addons for Elementor allows anyone to register as an admin on WordPress sites.
  • The flaw affects plugin versions 24.12.92 to 51.1.14, impacting over 10,000 websites.
  • Hackers can exploit the “handle_register_ajax()” function to gain admin rights via crafted requests.
  • The vulnerability has seen mass exploitation, with over 48,400 attempts blocked by Wordfence.
  • Site owners are urged to update to at least version 51.1.35 to patch this critical flaw.
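For triage across many sites, the version bounds in the key points can be turned into a small check. This is an added example, not code from the article or the plugin: the function names are hypothetical, the sample header is constructed, and the only facts taken from the page are the three version numbers.

```python
import re

# Version bounds exactly as stated in the key points above.
AFFECTED_MIN = (24, 12, 92)
AFFECTED_MAX = (51, 1, 14)
RECOMMENDED_MIN = (51, 1, 35)

def parse_version(text):
    """Turn '51.1.14' into (51, 1, 14); reject anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))  # pad '51.1' to (51, 1, 0) before comparing
    return tuple(parts)

def header_version(php_source):
    """Read the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", php_source, re.M | re.I)
    return m.group(1) if m else None

def classify(version_text):
    """Place an installed version relative to the ranges given on this page."""
    v = parse_version(version_text)
    if v < AFFECTED_MIN:
        return "below-affected-range"
    if v <= AFFECTED_MAX:
        return "affected"
    if v < RECOMMENDED_MIN:
        # The page gives no status for these versions, only the update target.
        return "update-recommended"
    return "at-or-above-recommended"

# Constructed sample header, not copied from the real plugin file.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: King Addons for Elementor
 * Version: 51.1.14
 */
"""

if __name__ == "__main__":
    found = header_version(SAMPLE_HEADER)
    print(found, classify(found))
```

A site that classifies as "affected" should also have its administrator accounts reviewed, since the flaw lets attackers create new ones.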

The Nimble Nerd