Missing Authorization in TNC Toolbox by Merlot Digital
CVE-2025-66108

Currently unrated

Key Information:

Vendor

WordPress
Status
Tnc Toolbox: Web Performance
Vendor
CVE Published:
21 November 2025

What is CVE-2025-66108?

A missing authorization vulnerability has been identified in TNC Toolbox, a web performance management tool by Merlot Digital. This issue arises from incorrectly configured access control levels, potentially allowing unauthorized users to exploit certain features within the application. Affected versions include TNC Toolbox: Web Performance up to and including 2.0.4. It is crucial for users to ensure that security configurations are properly defined to prevent unauthorized access and maintain data integrity.

Affected Version(s)

TNC Toolbox: Web Performance <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/tnc-...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan | Patchstack Bug Bounty Program
JSON
.
CVE-2025-66108 : Missing Authorization in TNC Toolbox by Merlot Digital