Vulners
Lucene search
CVE-2025-8489
🗓️ 31 Oct 2025 06:42:55Reported by WordfenceType 
cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 59 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
 | Exploit for CVE-2025-8489 | 17 Jan 202602:59 | – | githubexploit |
 | CVE-2025-8489 | 31 Oct 202507:32 | – | circl |
 | WordPress plugin King Addons for Elementor 安全漏洞 | 31 Oct 202500:00 | – | cnnvd |
 | WordPress King Addons for Elementor plugin elevation of privilege vulnerability | 5 Nov 202500:00 | – | cnvd |
 | CVE-2025-8489 King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation | 31 Oct 202506:42 | – | cvelist |
 | EUVD-2025-37306 | 31 Oct 202509:30 | – | euvd |
 | WordPress King Addons for Elementor Unauthenticated Privilege Escalation to RCE | 10 Dec 202518:57 | – | metasploit |
 | CVE-2025-8489 | 31 Oct 202507:15 | – | nvd |
 | 📄 WordPress King Addons for Elementor Privilege Escalation / Remote Code Execution | 11 Dec 202500:00 | – | packetstorm |
| 📄 WordPress King Addons for Elementor 51.1.14 Privilege Escalation | 2 Mar 202600:00 | – | packetstorm |
10
[
{
"vendor": "kingaddons",
"product": "King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "51.1.14",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| action | request body | /wp-admin/admin-ajax.php | Privilege escalation via unauthenticated user registration by manipulating user_role to administrator using the king_addons_user_register AJAX action | CWE-269 |
| nonce | request body | /wp-admin/admin-ajax.php | Privilege escalation via unauthenticated user registration by manipulating user_role to administrator using the king_addons_user_register AJAX action | CWE-269 |
| username | request body | /wp-admin/admin-ajax.php | Privilege escalation via unauthenticated user registration by manipulating user_role to administrator using the king_addons_user_register AJAX action | CWE-269 |
| request body | /wp-admin/admin-ajax.php | Privilege escalation via unauthenticated user registration by manipulating user_role to administrator using the king_addons_user_register AJAX action | CWE-269 | |
| password | request body | /wp-admin/admin-ajax.php | Privilege escalation via unauthenticated user registration by manipulating user_role to administrator using the king_addons_user_register AJAX action | CWE-269 |
| confirm_password | request body | /wp-admin/admin-ajax.php | Privilege escalation via unauthenticated user registration by manipulating user_role to administrator using the king_addons_user_register AJAX action | CWE-269 |
| user_role | request body | /wp-admin/admin-ajax.php | Privilege escalation via unauthenticated user registration by manipulating user_role to administrator using the king_addons_user_register AJAX action | CWE-269 |
| terms_required | request body | /wp-admin/admin-ajax.php | Privilege escalation via unauthenticated user registration by manipulating user_role to administrator using the king_addons_user_register AJAX action | CWE-269 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Apr 2026 00:35Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.19.8
EPSS0.49263
SSVC