Dec 03 2025 Critical flaw in WordPress add-on for Elementor exploited in attacks

Source

Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process. [...]