WordPress King Addons Flaw Draws Active Attacks

The WordPress King Addons flaw is now under heavy exploitation. It affects a popular add-on plugin used with a page-building tool. Researchers warned that attackers can gain full control of vulnerable sites, so site owners must act quickly to secure their systems.

The flaw is tracked as CVE-2025-8489. It carries a critical severity score because attackers do not need an account to exploit it. Moreover, they can simply assign themselves the administrator role during registration. This single step allows complete takeover of any unpatched site.

How the Vulnerability Works

The vulnerability impacts plugin versions between 24.12.92 and 51.1.14. Developers fixed the issue in version 51.1.35 on September 25, 2025. The report credited a security researcher for finding the flaw. It also noted that more than 10,000 sites currently use the plugin.

The problem lies in the “handle_register_ajax()” function, which handles user registration through an AJAX endpoint. Its insecure design let the caller choose the role of the account being created, including “administrator.” Therefore, anyone could send a crafted request and gain elevated access.

Attackers only needed to send a request to the “/wp-admin/admin-ajax.php” endpoint. They could then assign the highest role to themselves. This gave them the ability to perform any action on the site. For example, they could modify settings or remove legitimate administrators.
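To make the defect concrete, here is an added PHP illustration of the pattern described above, written for this page and not taken from the plugin's own code: a hypothetical AJAX registration handler that trusts a role field from the request, beside a hardened version that never reads the role from the client. The action name, nonce name and function names are assumptions.

```php
<?php
// Added illustration only; neither handler is the plugin's actual code.

// VULNERABLE PATTERN: the role is taken straight from the request, so an
// unauthenticated caller can register and land in the administrator role.
function example_register_vulnerable() {
    $user_id = wp_create_user(
        sanitize_user( wp_unslash( $_POST['username'] ?? '' ) ),
        wp_unslash( $_POST['password'] ?? '' ),
        sanitize_email( wp_unslash( $_POST['email'] ?? '' ) )
    );
    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( $user_id->get_error_message() );
    }
    $user = new WP_User( $user_id );
    $user->set_role( $_POST['role'] ?? 'subscriber' ); // attacker-controlled value
    wp_send_json_success( array( 'id' => $user_id ) );
}

// HARDENED: the role is never read from the request. It comes from the site's
// configured default and is checked against a low-privilege allowlist, so a
// misconfigured default cannot hand out administrator either.
function example_register_hardened() {
    check_ajax_referer( 'example_register', 'nonce' ); // limits forged cross-site requests
    if ( ! get_option( 'users_can_register' ) ) {
        wp_send_json_error( 'Registration is disabled.', 403 );
    }
    $allowed = array( 'subscriber' ); // extend only with low-privilege roles
    $role    = get_option( 'default_role', 'subscriber' );
    if ( ! in_array( $role, $allowed, true ) ) {
        $role = 'subscriber';
    }
    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( wp_unslash( $_POST['username'] ?? '' ), true ),
        'user_pass'  => wp_unslash( $_POST['password'] ?? '' ),
        'user_email' => sanitize_email( wp_unslash( $_POST['email'] ?? '' ) ),
        'role'       => $role, // server-chosen, ignores any role field sent by the client
    ) );
    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( $user_id->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'id' => $user_id ) );
}

// Unauthenticated endpoint, so only the hardened handler is registered.
add_action( 'wp_ajax_nopriv_example_register', 'example_register_hardened' );
```

The difference to look for in a code review is whether any request field ever reaches set_role() or the role key of wp_insert_user(); in the hardened handler it cannot.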

Impact of a Successful Exploit

A successful attack gives criminals full control. They can upload malicious files and spread malware. They can also redirect visitors to harmful pages. Furthermore, they may inject spam or damaging scripts into website content.

The report said researchers have blocked more than 48,400 attack attempts. Attackers launched at least 75 new attempts within a single day, and the same IP addresses appear repeatedly. Therefore, this campaign appears widespread and persistent.

Experts believe attackers started testing the flaw near the end of October 2025. However, mass exploitation began during early November. The timeline suggests coordinated activity targeting unpatched websites. Consequently, administrators must check their systems without delay.

What Site Owners Should Do

Administrators should update the plugin to the latest version. They should also review all admin accounts for suspicious activity. In addition, they should monitor logs for unusual actions. These steps will help limit further damage.

How to Prevent Issues Like This

Website operators can reduce future risks by using continuous threat monitoring. They should also adopt advanced web protection tools that scan for abnormal behavior in real time. These services help detect privilege-escalation attempts and block malicious scripts before they spread, offering stronger defense against similar plugin flaws.
