Access Control Issue in Merkulove Lottier for WPBakery Plugin
CVE-2025-66165

Currently unrated

Key Information:

Vendor

WordPress
Status
Lottier For WPbakery
Vendor
CVE Published:
16 December 2025

What is CVE-2025-66165?

The Lottier for WPBakery plugin developed by Merkulove suffers from a missing authorization vulnerability. This issue is related to incorrectly configured access control security levels, which may enable unauthorized users to exploit the system, exposing sensitive data and functionalities. The vulnerability impacts all versions up to and including 1.1.7, making it crucial for users and administrators to take prompt action to secure their installations.

Affected Version(s)

Lottier for WPBakery <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/lott...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phat RiO - BlueRock | Patchstack Bug Bounty Program
JSON
.
CVE-2025-66165 : Access Control Issue in Merkulove Lottier for WPBakery Plugin