All news with #elementor tag

Critical Flaws in King Addons for Elementor Risk Takeover

⚠️ King Addons for Elementor, installed on over 10,000 WordPress sites, contains two unauthenticated critical vulnerabilities that can enable full site takeover. Patchstack identified an arbitrary file upload (CVE-2025-6327) and a registration-based privilege escalation (CVE-2025-6325) that allow remote attackers to place files in web-accessible directories and create administrative accounts. The vendor released version 51.1.37 to add a role allowlist, input sanitization, upload permission checks and stricter file-type validation — administrators should update immediately and verify whether the 'King Addons Login | Register Form' widget is active.