CVE-2025-13997 in kingaddons King Addons for Elementor Plugininfo

Summary

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via render_full_form function. This makes it possible for unauthenticated attackers to extract site's Mailchimp, Facebook and Google API keys and secrets. This vulnerability requires the Premium license to be installed

Responsible

Wordfence

Reservation

12/03/2025

Disclosure

03/23/2026

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
352496	kingaddons King Addons for Elementor Plugin render_full_form information disclosure	200	Not defined	Official fix	CVE-2025-13997

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!