CVE-2025-24725
Description
Thim Elementor Kit plugin <=1.2.8 has a missing authorization vulnerability allowing attackers to exploit improperly configured access controls.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Thim Elementor Kit plugin <=1.2.8 has a missing authorization vulnerability allowing attackers to exploit improperly configured access controls.
The Thim Elementor Kit plugin for WordPress (versions up to and including 1.2.8) contains a missing authorization vulnerability. The plugin fails to properly enforce access control security levels, enabling exploitation of incorrectly configured access controls [1].
Attackers can leverage this broken access control to perform actions that should require higher privileges, without proper authentication. The vulnerability is particularly concerning for mass-exploit campaigns targeting thousands of websites [1].
The impact is rated medium with a CVSS score of 4.3, but Patchstack notes it is unlikely to be exploited. Successful exploitation could allow unprivileged users to execute higher privileged actions [1].
To mitigate, update the plugin to version 1.2.9 or later. Patchstack users can enable auto-update for vulnerable plugins. If unable to update, consult your hosting provider or web developer for assistance [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<=1.2.8+ 1 more
- (no CPE)range: <=1.2.8
- (no CPE)range: <=1.2.8
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.