PT-2026-27061 · Elementor+4

Ulyses Saicha

·

Published

2026-03-23

·

Updated

2026-03-23

·

CVE-2025-13997

CVSS v3.1

5.3

Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

King Addons for Elementor versions through 51.1.49

Description

The King Addons for Elementor plugin for WordPress is susceptible to unauthenticated disclosure of API keys. The plugin adds API keys to the HTML source code through the render full form function, potentially allowing unauthenticated attackers to extract Mailchimp, Facebook, and Google API keys and secrets. This requires a Premium license to be installed. Reports indicate offensive activities targeting this issue.

Recommendations

Versions prior to and including 51.1.49 should be updated.

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2025-13997

Affected products

Elementor
Facebook
Google
Qi Addons For Elementor
Mailchimp