Description
Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.This issue affects King Addons for Elementor: from n/a through <= 51.1.36.
Published: 2025-11-06
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

An Incorrect Privilege Assignment flaw in King Addons for Elementor version 51.1.36 and earlier lets attackers elevate privileges on a WordPress site. By gaining higher-level access, an adversary can bypass normal role restrictions and gain administrative control or alter site content.

Affected Systems

All installations of KingAddons.com’s King Addons for Elementor plugin from the earliest release up to version 51.1.36 are affected.

Risk and Exploitability

The CVSS score of 9.8 marks this flaw as critical, while its EPSS of less than 1% suggests low current exploitation likelihood. The vulnerability is not catalogued in CISA KEV. Based on the description, it is inferred that the plugin’s privilege escalation could be leveraged through the WordPress admin interface, potentially giving an attacker full site control if they possess any level of access.

Generated by OpenCVE AI on April 28, 2026 at 10:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade King Addons for Elementor to a version above 51.1.36.
  • Deactivate the plugin until a safe version is available.
  • Restrict or revoke any elevated role permissions that are unintentionally granted by the plugin. (e.g., ensure only administrators have full site capabilities.)
  • Monitor user accounts and role assignments for unauthorized changes.

Generated by OpenCVE AI on April 28, 2026 at 10:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 20 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
References

Tue, 20 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
References

Thu, 13 Nov 2025 11:30:00 +0000

Type Values Removed Values Added
References

Thu, 13 Nov 2025 10:45:00 +0000

Type Values Removed Values Added
References

Thu, 06 Nov 2025 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Kingaddons
Kingaddons king Addons For Elementor
Wordpress
Wordpress wordpress
Vendors & Products Kingaddons
Kingaddons king Addons For Elementor
Wordpress
Wordpress wordpress

Thu, 06 Nov 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 06 Nov 2025 16:00:00 +0000

Type Values Removed Values Added
Description Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.This issue affects King Addons for Elementor: from n/a through <= 51.1.36.
Title WordPress King Addons for Elementor plugin <= 51.1.36 - Privilege Escalation vulnerability
Weaknesses CWE-266
References

Subscriptions

Kingaddons King Addons For Elementor
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T18:22:03.400Z

Reserved: 2025-06-19T10:04:18.974Z

Link: CVE-2025-6325

cve-icon Vulnrichment

Updated: 2025-11-06T16:35:03.775Z

cve-icon NVD

Status : Deferred

Published: 2025-11-06T16:16:14.643

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-6325

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T10:30:29Z

Weaknesses