CVE-2025-8489

ENISA EUVD: EUVD-2025-37306
✓ Confirmed 0-Day
Triaged: March 5, 2026 · 1 article · Published: 2025-10-31

EPSS Score

Source: FIRST.org · 2026-05-23
49.26% probability
This CVE has a 49.26% probability of being exploited in the next 30 days.
Top 97.8th percentile of all CVEs

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
9.8 CRITICAL
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14. This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.

Affected Products

kingaddons
King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor

Attack Intelligence

Signal Intelligence

Confidence: 85%
EPSS: 49.26%
CVSS v3.1: 9.8
Mentions: 1
Last Seen: Dec 03, 2025

CNA Information

CNA Assigner: Wordfence
CNA Title: King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation

Analyst Note

CVE-2025-8489 is a 2025 vulnerability (published 2025-10-31) for which The Hacker News has explicitly reported active exploitation in the wild. The flaw is a critical (CVSS 9.8) privilege escalation that allows unauthenticated admin registration, and it is actively exploited. The recent publication date, combined with confirmed in-the-wild attacks, strongly indicates zero-day exploitation preceding or coinciding with patch availability.

Threat Actors (2)

Just Evil: apt_group, 🇷🇺 RU
Red October: apt_group, 🇷🇺 RU

Triage Info

Decided at: Mar 05, 2026
Published Date: Oct 31, 2025