Home > Security Alerts > Critical flaw in WordPress add-on for Elementor exploited in attacks

Critical flaw in WordPress add-on for Elementor exploited in attacks

December 4, 2025 Thursday

Attackers are exploiting CVE-2025–8489 in the King Addons for Elementor plugin for WordPress & obtain administrative permissions during the registration process. It’s used on roughly 10,000 websites.

Latest News

Service Update: Introducing GPT-5.1, Google Gemini 2.5 and Nano Banana

Copilot M365 License Promotion for Staff Account

Teams Voice adoption and Retirement of Legacy Staff Phone Systems

Official Launch: HKU Portal for Students (17 November 2025)

HKU Connect alumni email accounts will be migrated to the Graduate M365 platform

Popular Services:

uPrint
Study Rooms in Learning Commons
Software Download
Application
HKU Virtual Private Network (HKUVPN)

Critical flaw in WordPress add-on for Elementor exploited in attacks

About ITS

Alerts

Service Request & Support