CVE-2025-8489
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-04
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| king_addons | king_addons_for_elementor | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the King Addons for Elementor WordPress plugin allows unauthenticated attackers to register user accounts with administrator-level privileges. It exists because the plugin does not properly restrict which user roles can be assigned during registration, so a request that should only create a normal user can instead create an administrator (privilege escalation).
How can this vulnerability impact me?
This vulnerability can have severe impacts as it allows attackers to gain administrator access to a WordPress site without authentication. With administrator privileges, attackers can fully control the site, including modifying content, installing malicious code, stealing sensitive data, and disrupting site operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can negatively affect compliance with standards like GDPR and HIPAA because unauthorized administrator access can lead to data breaches, unauthorized data modification, and loss of data integrity and confidentiality. Such breaches can result in violations of data protection regulations and lead to legal and financial consequences.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized user registrations with administrator-level roles in WordPress. Since the vulnerability allows unauthenticated attackers to register as administrators, check the WordPress user list for recently created users with elevated privileges. One way to do this is with WP-CLI, listing administrator accounts together with their registration dates: `wp user list --role=administrator --fields=user_login,user_email,user_registered` (WP-CLI's `--field` takes a single field; `--fields` takes a comma-separated list) to identify suspicious new admin accounts. Additionally, reviewing web server logs for POST requests to the registration AJAX endpoint (e.g., `admin-ajax.php` with an action related to King Addons registration) may help detect exploitation attempts; note that the `action` parameter is only visible in access logs when it is passed in the query string, so request-body logging or WAF logs are needed to see it otherwise. Monitoring for unusual spikes in registration attempts or registrations from suspicious IPs can also be useful. [1, 2]
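The two checks described above (recently registered administrators, and POST traffic to the King Addons registration AJAX action) can be automated over data you already have locally. The following script is an added example written for this page; it is not code from BaseFortify, Wordfence or the King Addons plugin. It assumes the WP-CLI output was produced with `--format=csv`, that access logs are in Apache/nginx combined log format, and that the action appears in the query string. The advisory does not name the registration action, so the example matches any `action=` value containing `king_addons` and the sample logs use a clearly labelled placeholder action name. All sample data is constructed.

```python
"""Detection helpers for CVE-2025-8489 (King Addons for Elementor).

Check 1: parse `wp user list --role=administrator
         --fields=user_login,user_email,user_registered --format=csv`
         and flag administrators registered on or after a cutoff date.
Check 2: scan combined-format access logs for POST requests to
         admin-ajax.php whose `action` query parameter mentions king_addons,
         counting hits per client IP.
"""
import csv
import io
import re
from collections import Counter
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Constructed sample of WP-CLI CSV output (not real site data).
SAMPLE_USER_CSV = """user_login,user_email,user_registered
siteowner,owner@example.com,2023-02-10 09:12:44
backup_admin,x7f@mail.example,2025-10-29 03:41:07
"""

# Constructed sample access-log lines. The action name is a PLACEHOLDER,
# since the advisory does not state the real King Addons action name.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Oct/2025:03:40:55 +0000] "POST /wp-admin/admin-ajax.php?action=king_addons_register_PLACEHOLDER HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.2 - - [29/Oct/2025:03:41:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 97 "https://example.test/wp-admin/" "Mozilla/5.0"
203.0.113.7 - - [29/Oct/2025:03:41:07 +0000] "POST /wp-admin/admin-ajax.php?action=king_addons_register_PLACEHOLDER HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.9 - - [29/Oct/2025:03:42:10 +0000] "GET /wp-admin/admin-ajax.php?action=king_addons_register_PLACEHOLDER HTTP/1.1" 405 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method path proto" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def suspicious_admins(csv_text, cutoff):
    """Return logins of administrators registered on/after `cutoff`
    (an ISO date string such as "2025-10-01")."""
    cutoff_dt = datetime.strptime(cutoff, "%Y-%m-%d")
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= cutoff_dt:
            hits.append(row["user_login"])
    return hits


def ajax_registration_hits(log_lines, marker="king_addons"):
    """Count POST requests per client IP to admin-ajax.php whose `action`
    query parameter contains `marker`. GETs and other actions are ignored."""
    counts = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable combined-format line
        ip, method, path, _status = m.groups()
        parts = urlsplit(path)
        if method != "POST" or not parts.path.endswith("/admin-ajax.php"):
            continue
        actions = parse_qs(parts.query).get("action", [])
        if any(marker in a for a in actions):
            counts[ip] += 1
    return counts


if __name__ == "__main__":
    print("Admins registered since cutoff:",
          suspicious_admins(SAMPLE_USER_CSV, "2025-10-01"))
    print("Registration-action POSTs per IP:",
          dict(ajax_registration_hits(SAMPLE_LOG.splitlines())))
```

Run it against real data by piping `wp user list ... --format=csv` output into `suspicious_admins` and your access log into `ajax_registration_hits`; choose the cutoff as the earliest date the vulnerable plugin version was installed. Any administrator the site owner did not create, or any external IP repeatedly POSTing the registration action, warrants the account review and removal steps described under mitigation.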
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
1) Updating the King Addons for Elementor plugin to a version later than 51.1.14, where the vulnerability is fixed.
2) Temporarily disabling user registration in WordPress settings to prevent new registrations until the plugin is updated.
3) Reviewing and removing any unauthorized administrator accounts created during the vulnerable period.
4) Implementing additional security measures such as enabling reCAPTCHA on registration forms, enforcing strong password policies, and monitoring rate-limiting logs to detect and block suspicious registration attempts.
5) Applying web application firewall (WAF) rules to block suspicious registration requests targeting the vulnerable AJAX endpoints. [1, 2]