King Addons flaw lets anyone become WordPress admin

Related breach coverage

• Critical flaw in WordPress add-on for Elementor exploited in attacks
  2025-12-03

  Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process. [...]

• Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover
  2026-01-16

  A critical Modular DS WordPress flaw (CVE-2026-23550) is actively exploited, enabling unauthenticated privilege escalation. Threat actors are actively exploiting a critical Modular DS WordPress vulnerability tracked as CVE-2026-23550 (CVSS score of 10). Modular DS is a WordPress plugin with over 40,000 installs that helps manage multiple sites, enabling monitoring, updates, and remote administration. In plugin […]

• Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)
  2026-04-25

  Attackers exploit a Breeze Cache flaw (CVE-2026-3844) to upload files without login. Wordfence researchers detected over 170 attacks. Threat actors are exploiting a critical flaw, tracked as CVE-2026-3844 (CVSS score of 9.8), in the Breeze Cache WordPress plugin, allowing them to upload files to a server without authentication. The vulnerability has already been used in […]

• Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control
  2026-02-26

  Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023. The flaw affects Catalyst SD-WAN Controller and Manager and allows remote, unauthenticated attackers to bypass authentication and gain full administrative access by sending […]