Platform
wordpress
Component
king-addons
Fixed in
51.1.37
CVE-2025-6327 represents an Arbitrary File Access vulnerability discovered in King Addons for Elementor, a plugin for the Elementor page builder. This flaw allows attackers to upload files of any type, including malicious web shells, to the web server, potentially granting them complete control. The vulnerability affects versions from 0.0.0 through 51.1.36, and a patch is available in version 51.1.37.
CVE-2025-6327 in King Addons for Elementor presents a critical vulnerability: unrestricted file upload, allowing the upload of dangerous file types, including web shells. This means an attacker could upload a malicious file to the web server, gain unauthorized access, and execute arbitrary code. The vulnerability is rated CVSS 10.0, indicating a critical risk. Versions affected are those prior to or including 51.1.36. The ability to upload web shells enables attackers to gain full control of the server, compromising sensitive data, modifying the website, or using it as a launchpad for attacks on other systems within the network. The root cause is insufficient validation during the file upload process.
The vulnerability can be exploited by sending a specially crafted HTTP POST request to the file upload endpoint of King Addons for Elementor. An attacker can manipulate the request to upload a file with a misleading extension or incorrect content type, bypassing existing security checks. Once the web shell is successfully uploaded, the attacker can access it through a web browser and execute arbitrary commands on the server. Exploitation of this vulnerability requires basic knowledge of HTTP and web shell file structures. The lack of authentication on the upload endpoint facilitates exploitation, as any user can attempt to upload a malicious file.
Exploit Status
EPSS
0.08% (24% percentile)
CISA SSVC
CVSS Vector
The immediate solution is to update King Addons for Elementor to version 51.1.37 or later. This version includes a fix for the unrestricted file upload vulnerability. Additionally, conduct a security audit of your website to identify and mitigate any potential damage caused by the vulnerability. Implement a stricter file security policy, including file type validation and maximum size limits, to prevent future attacks. Regularly monitor server logs for suspicious activity, such as unusual file uploads, to quickly detect and respond to any exploitation attempts. Consider using a Web Application Firewall (WAF) to filter malicious traffic.
Actualice el plugin King Addons for Elementor a la última versión disponible para solucionar la vulnerabilidad de subida arbitraria de archivos. Verifique las actualizaciones disponibles en el panel de administración de WordPress o en el repositorio oficial de plugins de WordPress. Asegúrese de realizar una copia de seguridad completa del sitio antes de actualizar.
Vulnerability analysis and critical alerts directly to your inbox.
A web shell is a malicious script (typically written in PHP, ASP, or Python) that is uploaded to a web server and allows an attacker to execute arbitrary commands on the server through a web interface.
Check the version of King Addons for Elementor you are using. If it's prior to or including 51.1.36, your website is vulnerable. You can also use a web vulnerability scanner to detect the vulnerability.
Isolate the website from the rest of the network, change all passwords, perform a thorough security audit, and restore the website from a clean backup.
Yes, by keeping King Addons for Elementor and other WordPress plugins updated, implementing a strict file security policy, and using a WAF.
You can find more information about CVE-2025-6327 on vulnerability databases such as the National Vulnerability Database (NVD) and on WordPress security forums.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Video Scenes
The immediate solution is to update King Addons for Elementor to version 51.1.37 or later. This version includes a fix for the unrestricted file upload vulnerability. Additionally, conduct a security audit of your website to identify and mitigate any potential damage caused by the vulnerability. Implement a stricter file security policy, including file type validation and maximum size limits, to prevent future attacks. Regularly monitor server logs for suspicious activity, such as unusual file uploads, to quickly detect and respond to any exploitation attempts. Consider using a Web Application Firewall (WAF) to filter malicious traffic.