Bleeping Computer

Critical flaw in WordPress add-on for Elementor exploited in attacks

Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025–8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions ...
Infosecurity-magazine.com

Critical Flaws Found in Elementor King Addons Affect 10,000 Sites

A popular Elementor extension for WordPress that helps users build contact forms, sliders, pricing tables and login workflows has been found vulnerable. The King Addons for Elementor plugin, used on ...
Bleeping Computer

SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without ...