Critical flaw in WordPress add-on for Elementor exploited in attacks

Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for ...
Bleeping Computer

WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. Gravity Forms is a custom form builder website owners use ...
Hosted on MSN

Another major WordPress add-on security flaw could affect 10,000 sites - find out if you're affected

King Addons plugin had two critical flaws enabling full WordPress site takeover Bugs allowed unauthenticated file uploads and privilege escalation via registration endpoint Users must update to ...