CVE-2025-8489
📋 TL;DR
This vulnerability in the King Addons for Elementor WordPress plugin allows unauthenticated attackers to register administrator-level user accounts due to improper role restrictions. Any WordPress site using vulnerable versions of this plugin is affected, potentially leading to complete site compromise.
💻 Affected Systems
- King Addons for Elementor WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover with administrative access, allowing attackers to install malware, deface the site, steal data, or use the site for further attacks.
Likely Case
Attackers create administrator accounts to gain persistent access, install backdoors, modify content, or exfiltrate sensitive data.
If Mitigated
With proper monitoring and detection, unauthorized admin account creation can be detected and blocked before significant damage occurs.
🎯 Exploit Status
Simple HTTP POST request to vulnerable endpoint with crafted parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 51.1.35
Vendor Advisory: https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.35/includes/widgets/Login_Register_Form/Login_Register_Form_Ajax.php#L160
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'King Addons for Elementor'. 4. Click 'Update Now' if available, or download version 51.1.35+ from WordPress repository. 5. Activate updated plugin.
🔧 Temporary Workarounds
Disable User Registration
allTemporarily disable user registration functionality in WordPress settings
Block Vulnerable Endpoint
linuxUse web application firewall or .htaccess to block access to the vulnerable AJAX endpoint
# Add to .htaccess
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/wp-admin/admin-ajax\.php$
RewriteCond %{QUERY_STRING} action=king_ajax_register
RewriteRule ^ - [F]
🧯 If You Can't Patch
- Disable the King Addons plugin completely
- Implement strict monitoring for new user registrations and admin account creation
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for King Addons version between 24.12.92 and 51.1.14Check Version:
wp plugin list --name='King Addons' --field=versionVerify Fix Applied:
Confirm plugin version is 51.1.35 or higher, and test registration functionality with non-admin role📡 Detection & Monitoring
Log Indicators:
- Multiple failed registration attempts followed by successful admin registration
- User registration events with administrator role assigned
- POST requests to /wp-admin/admin-ajax.php with action=king_ajax_register
Network Indicators:
- HTTP POST requests to admin-ajax.php with role parameter set to administrator value
- Unusual user agent strings during registration attempts
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND "king_ajax_register" AND "role="🔗 References
- https://plugins.trac.wordpress.org/browser/king-addons/tags/24.12.93/includes/widgets/Login_Register_Form/Login_Register_Form_Ajax.php#L353
- https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.35/includes/widgets/Login_Register_Form/Login_Register_Form_Ajax.php#L160
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a1bb2b06-9a3b-4428-8624-26a1202fe3b0?source=cve
