Access Control Vulnerability in Laser Plugin by Merkullove
CVE-2025-66164

Currently unrated

Key Information:

Vendor

WordPress
Status
Laser
Vendor
CVE Published:
16 December 2025

What is CVE-2025-66164?

The Laser plugin by Merkullove contains a missing authorization vulnerability that allows attackers to exploit improperly configured access control security levels. This issue affects versions up to and including 1.1.1, potentially compromising the security of systems using this plugin. Users are advised to review their configurations and apply necessary security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

Laser <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/lase...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phat RiO - BlueRock | Patchstack Bug Bounty Program
JSON
.
CVE-2025-66164 : Access Control Vulnerability in Laser Plugin by Merkullove