Key Findings A critical vulnerability, CVE-2025-8489 (CVSS score of 9.8), has been discovered in the WordPress plugin King Addons for Elementor. The flaw allows unauthenticated users to register and instantly gain admin privileges on WordPress sites. Threat actors are actively exploiting the vulnerability, with the Wordfence Firewall blocking over 48,400 exploit attempts since the issue was disclosed. The vulnerability is a privilege escalation issue in versions 24.12.92 to 5
