CVE-2025-30926
Description
Missing authorization in King Addons for Elementor <=24.12.58 allows unauthenticated access to restricted functions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in King Addons for Elementor <=24.12.58 allows unauthenticated access to restricted functions.
Vulnerability
The King Addons for Elementor plugin (king-addons) suffers from a missing authorization vulnerability in versions up to and including 24.12.58. This allows unauthenticated users to access functions that should require proper permissions. The current version (51.1.63) has addressed this issue [1].
Exploitation
An attacker can exploit this vulnerability by sending crafted requests to the affected plugin endpoints without needing any authentication or user interaction. The low complexity of exploitation is reflected in the CVSS score (4.3). No special privileges or network position is required beyond internet access to the WordPress site.
Impact
Successful exploitation could lead to unauthorized access to plugin features, potentially resulting in information disclosure or modification of settings. The impact is limited in scope, as the vulnerability is classified as Medium with a CVSS score of 4.3.
Mitigation
The vulnerability is fixed in version 51.1.63 and later. Users should update to the latest version immediately. The plugin's update channel provides seamless upgrades through the WordPress admin dashboard. No workaround is available for older versions.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=24.12.58
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.