WordPress Under Siege: Hackers Exploit King Addons and Advanced Custom Fields Flaws!
Attackers are exploiting a critical-severity privilege escalation vulnerability, CVE-2025-8489, in the King Addons for Elementor plugin, giving them admin permissions faster than you can say “Oops, I did it again.” Wordfence has blocked over 48,400 attempts. For peace of mind, update to the latest version of King Addons.
Hot Take:
King Addons for Elementor is throwing a wild Halloween party for hackers, complete with admin-level trick-or-treating! Just when you thought WordPress couldn’t get any spookier, a vulnerability with more drama than a reality TV show comes knocking. Not to be left out, Advanced Custom Fields: Extended is also joining the vulnerability shindig, serving up a buffet of exploits for anyone with a taste for mischief. It’s a spooky season special for cybercriminals, and WordPress admins are left wondering if their websites will survive these digital haunted houses!
Key Points:
- A critical vulnerability in King Addons for Elementor is being actively exploited.
- Attackers can obtain admin permissions during registration, thanks to CVE-2025–8489.
- Over 48,400 exploit attempts have been blocked by Wordfence.
- Another vulnerability affects Advanced Custom Fields: Extended, tracked as CVE-2025-13486.
- Website owners are urged to update their plugins to the latest versions immediately.