Access Control Flaw in Grider for Elementor Plugin by MerkULove
CVE-2025-66161

Currently unrated

Key Information:

Vendor

WordPress
Status
Grider For Elementor
Vendor
CVE Published:
16 December 2025

What is CVE-2025-66161?

A missing authorization vulnerability exists in the Grider for Elementor plugin by MerkULove. This flaw allows attackers to exploit improperly configured access control levels, potentially gaining unauthorized access to sensitive functions and data within the plugin. Affected versions include all Grider for Elementor releases up to 1.0.8, posing significant risks to users who have not updated their plugin.

Affected Version(s)

Grider for Elementor <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/grid...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phat RiO - BlueRock | Patchstack Bug Bounty Program
JSON
.
CVE-2025-66161 : Access Control Flaw in Grider for Elementor Plugin by MerkULove