A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild.
The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative privileges by simply specifying the administrator user role during registration.
It affects versions



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/12/wordpress-king-addons-flaw-under-active.html