Broken Access Control Vulnerability in Merkulove Spoter for Elementor
CVE-2025-66162

Currently unrated

Key Information:

Vendor: WordPress
Status: Spoter For Elementor
Vendor: CVE Published:; 16 December 2025

What is CVE-2025-66162?

The missing authorization vulnerability in Merkulove's Spoter for Elementor plugin allows attackers to exploit incorrectly configured access control security levels. This may enable unauthorized access to sensitive information or functionalities available within the plugin, compromising the overall security of WordPress websites utilizing the affected versions of Spoter for Elementor.

Affected Version(s)

Spoter for Elementor <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/spot...

vdb-entry

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Nov 21, 2025

Credit

Phat RiO - BlueRock | Patchstack Bug Bounty Program

JSON