Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
King Addons for Elementor Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in the King Addons for Elementor plugin for WordPress, affecting versions from 24.12.92 to 51.1.14. The plugin's user registration handling does not restrict which roles a registering user may request, so an unauthenticated attacker can create an account that is assigned the administrator role.
Impact
Exploitation allows an unauthenticated attacker to register an account with administrator privileges. Because a WordPress administrator can install plugins and themes, edit users and change site content, this amounts to a complete takeover of the affected site.
Reproduction
To reproduce this vulnerability, an unauthenticated user submits a registration request through the plugin's registration functionality on the WordPress site, including a 'user_role' parameter set to a role the plugin does not restrict, such as 'administrator'. Once the registration is processed, the new account holds that role. Note that the flaw is only reachable where the plugin's registration form or handler is exposed to unauthenticated visitors.
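The following is an added example, not code from the plugin or from this advisory. The plugin itself is PHP and its vulnerable handler is not reproduced on this page, so the model below is a constructed Python rendering of the flaw as described: one function honours the client-supplied 'user_role' parameter named above, a hardened counterpart applies an operator allowlist and never grants administrator, and a triage check flags registration requests that asked for a role outside the allowlist. Function names, the assumed allowlist configuration and the sample request records are all constructed for illustration.

```python
"""Added example: a model of the role-restriction flaw and a triage check
over registration requests. Not the plugin's code (the plugin is PHP); the
'user_role' parameter name comes from the advisory, while function names,
the allowlist default and the sample records are constructed."""
from dataclasses import dataclass, field

# WordPress's shipped default for get_option('default_role').
DEFAULT_ROLE = "subscriber"
# Roles a self-service registration form must never hand out, whatever the
# operator configures. 'administrator' is the role named in the advisory.
NEVER_SELF_ASSIGNABLE = frozenset({"administrator"})
# Roles the site operator lets visitors choose (assumed configuration).
DEFAULT_ALLOWED = frozenset({"subscriber"})


def _normalise(role) -> str:
    """Trim and lower-case so 'Administrator' or ' administrator ' cannot
    slip past a literal string comparison."""
    return str(role).strip().lower()


def vulnerable_pick_role(params: dict) -> str:
    """Behaviour the advisory describes: the role is taken straight from the
    unauthenticated request, so user_role=administrator yields an admin."""
    return params.get("user_role", DEFAULT_ROLE)


def hardened_pick_role(params: dict, allowed=DEFAULT_ALLOWED) -> str:
    """Fix pattern: accept the requested role only if it is on the operator's
    allowlist and is not administrator-level; otherwise assign the site
    default. The allowlist is a defence the operator controls, the
    NEVER_SELF_ASSIGNABLE check is one they cannot misconfigure away."""
    requested = _normalise(params.get("user_role", DEFAULT_ROLE))
    if requested in allowed and requested not in NEVER_SELF_ASSIGNABLE:
        return requested
    return DEFAULT_ROLE


def requested_role_is_suspicious(params: dict, allowed=DEFAULT_ALLOWED) -> bool:
    """True when a registration request asked for a role the form should not
    grant. Usable as a WAF rule or when triaging logs that retain POST bodies."""
    if "user_role" not in params:
        return False
    return _normalise(params["user_role"]) not in allowed


@dataclass
class RegistrationRequest:
    ts: str
    remote_addr: str
    params: dict = field(default_factory=dict)


def flag_escalation_attempts(requests, allowed=DEFAULT_ALLOWED):
    """Return the requests whose user_role parameter lies outside the allowlist."""
    return [r for r in requests if requested_role_is_suspicious(r.params, allowed)]


# Constructed sample of registration POSTs (not real traffic; RFC 5737 addresses).
SAMPLE_REQUESTS = [
    RegistrationRequest("2025-08-14T02:11:05Z", "198.51.100.23",
                        {"username": "legit_user", "email": "a@example.com",
                         "user_role": "subscriber"}),
    RegistrationRequest("2025-08-14T02:13:41Z", "203.0.113.77",
                        {"username": "wpsupport", "email": "b@example.net",
                         "user_role": "administrator"}),
    RegistrationRequest("2025-08-14T02:13:58Z", "203.0.113.77",
                        {"username": "wpsupport2", "email": "c@example.net",
                         "user_role": " Administrator "}),
    RegistrationRequest("2025-08-14T02:20:00Z", "192.0.2.9",
                        {"username": "noroleparam", "email": "d@example.org"}),
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(f"{r.ts} {r.remote_addr} vulnerable={vulnerable_pick_role(r.params)!r} "
              f"hardened={hardened_pick_role(r.params)!r}")
    for r in flag_escalation_attempts(SAMPLE_REQUESTS):
        print("ESCALATION ATTEMPT:", r.ts, r.remote_addr, repr(r.params["user_role"]))
```

Running the script shows the two requests from 203.0.113.77 receiving 'administrator' under the vulnerable logic and 'subscriber' under the hardened logic, and both being flagged; the request with no 'user_role' parameter is assigned the default role and is not flagged. In a real WordPress fix the allowlist would be read from plugin settings and the default from get_option('default_role'), which this model stands in for.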
Remediation
Users are advised to update the King Addons for Elementor plugin to version 51.1.35 or later, where this vulnerability has been patched. Because the issue is being actively exploited, updating alone does not undo prior abuse: after patching, review the site's user list for unexpected administrator accounts created while the vulnerable version was installed and remove or demote any that cannot be accounted for.
