WordPress Chaos: King Addons Plugin Under Siege by Cyber Villains!

King Addons for Elementor’s security flaw lets hackers play admin for a day. This WordPress plugin vulnerability, CVE-2025-8489, allows attackers to register as site administrators, potentially turning your website into malware central. Update to version 51.1.35 and keep an eye out for any suspicious admin activity to stay secure.

3P
Published: December 3, 2025 5:17 pmAdded: December 3, 2025 at 9:41 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Who knew a plugin named King Addons would be the kingpin in the latest WordPress drama? With a CVSS score of 9.8, this vulnerability is not just a bug, it’s practically a giant neon sign for hackers that says ‘Free Admin Accounts Here!’ It’s like giving out candy on Halloween, except the trick is definitely on you.

Key Points:

  • A critical flaw in the King Addons for Elementor plugin allows privilege escalation.
  • The vulnerability is identified as CVE-2025-8489 with a staggering CVSS score of 9.8.
  • Over 10,000 active installations are potentially affected.
  • The flaw was patched in version 51.1.35 on September 25, 2025.
  • Wordfence has blocked over 48,400 attacks since disclosure.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?