Missing Authorization in Merkulove's Buttoner for Elementor Plugin
CVE-2025-68085

Currently unrated

Key Information:

Vendor

WordPress
Status
Buttoner For Elementor
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68085?

A missing authorization vulnerability exists in Merkulove's Buttoner for Elementor plugin, allowing attackers to exploit incorrectly configured access control settings. This primarily impacts versions n/a through 1.0.6, where inadequate checks may permit unauthorized access to sensitive areas of the web application, compromising security protocols.

Affected Version(s)

Buttoner for Elementor <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/butt...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phat RiO - BlueRock | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68085 : Missing Authorization in Merkulove's Buttoner for Elementor Plugin