Access Control Vulnerability in Lottier for Elementor by merkulove
CVE-2025-66166

Currently unrated

Key Information:

Vendor

WordPress
Status
Lottier For Elementor
Vendor
CVE Published:
16 December 2025

What is CVE-2025-66166?

A missing authorization vulnerability has been identified in Lottier for Elementor by merkulove, allowing for exploitation via incorrectly configured access control security levels. This security flaw can potentially allow unauthorized users to gain higher privileges than intended, posing a significant risk for websites utilizing this plugin. Users are advised to review their access settings and update to the latest version of the plugin to mitigate potential attacks.

Affected Version(s)

Lottier for Elementor <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/lott...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phat RiO - BlueRock | Patchstack Bug Bounty Program
JSON
.
CVE-2025-66166 : Access Control Vulnerability in Lottier for Elementor by merkulove