CVE-2025-8489

The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.

More information : https://plugins.trac.wordpress.org/browser/king-addons/tags/24.12.93/includes/widgets/Login_Register_Form/Login_Register_Form_Ajax.php#L353