A critical security flaw impacting a WordPress plugin known as King Addons for Elementor now faces active exploitation in the wild.
The vulnerability, CVE-2025-8489 (CVSS score: 9.8), represents a case of privilege escalation and allows unauthenticated attackers to grant themselves administrative privileges by simply specifying the administrator user role during registration.
Affected Versions and Discovery
The flaw affects versions from 24.12.92 through 51.1.14. In response, the maintainers released a fix in version 51.1.35 on September 25, 2025. Security researcher Peter Thaleikis discovered and reported the flaw, and the plugin currently runs on over 10,000 active installs.
“This is due to the plugin not properly restricting the roles that users can register with,” Wordfence said in an alert. “This makes it possible for unauthenticated attackers to register with administrator-level user accounts.”
Specifically, the issue stems from the “handle_register_ajax()” function that runs during user registration. Its insecure implementation lets unauthenticated attackers specify their role as “administrator” in a crafted HTTP request to the “/wp-admin/admin-ajax.php” endpoint, and so obtain elevated privileges.
Successful exploitation enables a bad actor to seize control of a susceptible site that has the plugin installed and weaponize that access to upload malicious code that delivers malware, redirects site visitors to sketchy sites, or injects spam.
Exploitation Activity and Indicators
Wordfence reported that its systems already blocked over 48,400 exploit attempts since the public disclosure of the flaw in late October 2025, including 75 attempts in the last 24 hours alone. The attacks originated from the following IP addresses:
- 45.61.157.120
- 182.8.226.228
- 138.199.21.230
- 206.238.221.25
- 2602:fa59:3:424::1
“Attackers may have started actively targeting this vulnerability as early as October 31, 2025, with mass exploitation starting on November 9, 2025,” the WordPress security company said.
Site administrators should update to the latest version of the plugin, audit their environments for any suspicious admin users, and monitor for any signs of abnormal activity.
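As an added example (not code from the article, Wordfence, or the plugin), the following Python helper performs the two checks recommended above: it tells whether an installed King Addons version falls in the affected range, and it lists administrator accounts registered on or after the earliest observed targeting date. It assumes the user data comes from WP-CLI's `wp user list --format=json` output (field names ID, user_login, user_registered, roles); the sample records are constructed.

```python
import json
from datetime import datetime

# Version range from the advisory: 24.12.92 through 51.1.14 are affected; 51.1.35 fixes it.
AFFECTED_FROM = (24, 12, 92)
AFFECTED_THROUGH = (51, 1, 14)
# Earliest date on which Wordfence observed attackers targeting the flaw.
EARLIEST_TARGETING = datetime(2025, 10, 31)


def parse_version(v):
    """Turn a dotted plugin version string such as '51.1.14' into a comparable tuple."""
    return tuple(int(p) for p in v.strip().split("."))


def is_vulnerable_version(v):
    """True if the installed King Addons version lies within the affected range."""
    return AFFECTED_FROM <= parse_version(v) <= AFFECTED_THROUGH


def suspicious_admins(users_json, since=EARLIEST_TARGETING):
    """Return (ID, login, registered) for administrators registered on or after `since`.

    `users_json` is assumed to be `wp user list --format=json` output, where
    `roles` is a comma-separated string and `user_registered` is 'YYYY-MM-DD HH:MM:SS'.
    """
    hits = []
    for u in json.loads(users_json):
        if "administrator" not in u.get("roles", "").split(","):
            continue
        registered = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= since:
            hits.append((u["ID"], u["user_login"], registered))
    return hits


# Constructed sample records, not taken from any real site.
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "owner", "user_registered": "2023-04-02 10:15:00", "roles": "administrator"},
    {"ID": 57, "user_login": "editor_jane", "user_registered": "2025-11-10 08:00:00", "roles": "editor"},
    {"ID": 58, "user_login": "wpadmin2", "user_registered": "2025-11-09 03:12:44", "roles": "administrator"},
])

if __name__ == "__main__":
    print("King Addons 51.1.14 in affected range:", is_vulnerable_version("51.1.14"))
    for uid, login, when in suspicious_admins(SAMPLE_USERS):
        print(f"review admin account {login} (ID {uid}) registered {when:%Y-%m-%d}")
```

A flagged account is only a lead: confirm through the site's own records whether it was created legitimately before removing it.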
Source: TheHackerNews