Particle.news

WordPress King Addons Flaw Actively Exploited to Create Admin Accounts

Wordfence has logged over 48,400 blocks since disclosure, prompting urgent updates to version 51.1.35.

Overview

  • The vulnerability, tracked as CVE-2025-8489 with a CVSS score of 9.8, allows unauthenticated users to assign themselves the administrator role during registration.
  • Attackers craft requests to the /wp-admin/admin-ajax.php endpoint that abuse the plugin’s handle_register_ajax function to create rogue administrator accounts.
  • Impacted versions are 24.12.92 through 51.1.14, and the maintainers issued a fix on September 25, 2025 in release 51.1.35.
  • Exploitation began on October 31 and spiked November 9–10, with more than 48,400 attempts blocked to date and notable activity from 45.61.157.120 and 2602:fa59:3:424::1.
  • Administrators should update immediately, audit for unexpected admin users, review logs for listed attacking IPs, and look for signs of compromise such as code uploads, redirects, or spam.
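The audit steps in the last bullet, as an added Python example that is not Wordfence's or the plugin's code: it flags admin-ajax.php POSTs from the two listed IPs in combined-format access logs and lists administrator accounts registered on or after the October 31 exploitation start. The log lines and user records are constructed; the record shape assumes the fields of `wp user list --fields=user_login,roles,user_registered`.

```python
"""Added triage helpers for the CVE-2025-8489 indicators above (not Wordfence's
or the plugin's code). The log format, sample lines and user records are
constructed; the IPs, endpoint and dates come from the advisory."""
import re
from datetime import datetime, timezone

KNOWN_ATTACKER_IPS = {"45.61.157.120", "2602:fa59:3:424::1"}
EXPLOIT_START = datetime(2025, 10, 31, tzinfo=timezone.utc)
AJAX_ENDPOINT = "/wp-admin/admin-ajax.php"

# Combined access-log format; the host field may be an IPv4 or IPv6 address.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def flag_log_line(line):
    """Return the listed attacker IP if this line is an admin-ajax.php POST from it, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]  # drop any query string before comparing
    if m.group("method") == "POST" and path == AJAX_ENDPOINT and m.group("ip") in KNOWN_ATTACKER_IPS:
        return m.group("ip")
    return None

def suspicious_admins(users, since=EXPLOIT_START):
    """Logins of administrator accounts registered on/after the exploitation start.
    `users` mirrors `wp user list --fields=user_login,roles,user_registered` (roles is comma-separated)."""
    found = []
    for u in users:
        registered = datetime.fromisoformat(u["user_registered"]).replace(tzinfo=timezone.utc)
        if "administrator" in u["roles"].split(",") and registered >= since:
            found.append(u["user_login"])
    return found

# Constructed sample data so the block runs stand-alone.
SAMPLE_LOG = [
    '45.61.157.120 - - [09/Nov/2025:03:14:07 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [09/Nov/2025:03:15:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 88',
    '2602:fa59:3:424::1 - - [10/Nov/2025:11:02:44 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Nov/2025:11:03:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]
SAMPLE_USERS = [
    {"user_login": "owner", "roles": "administrator", "user_registered": "2024-02-01 10:00:00"},
    {"user_login": "editor1", "roles": "editor", "user_registered": "2025-11-09 03:14:08"},
    {"user_login": "x9s2k", "roles": "administrator", "user_registered": "2025-11-09 03:14:08"},
]

def triage(log_lines=SAMPLE_LOG, users=SAMPLE_USERS):
    """Run both checks; returns (attacker IPs seen on admin-ajax POSTs, suspicious admin logins)."""
    hits = [ip for ip in map(flag_log_line, log_lines) if ip]
    return hits, suspicious_admins(users)
```

A hit on the IP check is a strong signal; a new administrator registered after October 31 that nobody recognises should be treated as a compromise indicator and followed by the code, redirect and spam checks the bullet lists.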