Access Control Flaw in Masker for Elementor Plugin by Merkulove
CVE-2025-66163

Currently unrated

Key Information:

Vendor

WordPress
Status
Masker For Elementor
Vendor
CVE Published:
16 December 2025

What is CVE-2025-66163?

A missing authorization vulnerability exists in the Masker for Elementor plugin by Merkulove, affecting versions up to and including 1.1.4. This vulnerability arises from incorrectly configured access control security levels, potentially allowing unauthorized users to exploit the system. Proper measures should be taken to secure the plugin and prevent unauthorized access.

Affected Version(s)

Masker for Elementor <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/mask...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phat RiO - BlueRock | Patchstack Bug Bounty Program
JSON
.
CVE-2025-66163 : Access Control Flaw in Masker for Elementor Plugin by Merkulove