CVE-2025-13535

The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. T...

WordPress plugin King Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-13997

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

CVE-2025-13997

The CVE-2025-13997 entry concerns the King Addons for Elementor WordPress plugin. Affected: King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor. Root cause: unauthenticated API key disclosure caused by the plugin adding API keys to the HTML ...

CVE-2025-13997 King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

Attackers Actively Exploiting Critical Vulnerability in King Addons for Elementor Plugin

On July 24th, 2025, we received a submission for a Privilege Escalation vulnerability in King Addons for Elementor, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by...

CVE-2025-6325

CVE-2025-6325 affects WordPress King Addons for Elementor up to version 51.1.36. The underlying issue is an incorrect privilege assignment that enables privilege escalation within King Addons for Elementor. Multiple connected sources corroborate the vulnerable component and version range, describ...

PT-2025-45328

Name of the Vulnerable Software and Affected Versions King Addons for Elementor versions through 51.1.36 Description An incorrect privilege assignment exists in King Addons for Elementor, allowing for privilege escalation. The issue allows an attacker to gain elevated privileges within the system...

CVE-2025-8489

The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it...

PT-2025-44584

Name of the Vulnerable Software and Affected Versions King Addons for Elementor versions 24.12.92 through 51.1.14 ShopLentor WordPress Plugin affected versions not specified Description King Addons for Elementor, a WordPress plugin, has a critical privilege escalation issue CVE-2025-8489 that...

EUVD-2025-36050

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KingAddons.com King Addons for Elementor king-addons allows DOM-Based XSS.This issue affects King Addons for Elementor: from n/a through = 51.1.37...

CVE-2025-62887

The CVE-2025-62887 entry describes a DOM-Based XSS in WordPress Word Addons for Elementor (King Addons for Elementor). Affected product/component: King Addons for Elementor plugin for WordPress, version up to and including 51.1.37. Root cause: Improper Neutralization of Input During Web Page Gene...