CVE-2025-66158
Description
Missing Authorization vulnerability in merkulove Gmaper for Elementor gmaper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gmaper for Elementor: from n/a through <= 1.0.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Gmaper for Elementor (≤1.0.9) allows unauthenticated attackers can exploit incorrectly configured access controls.
Vulnerability
Overview
The Gmaper for Elementor plugin for WordPress, versions up to and including 1.0.9, contains a missing authorization vulnerability. This flaw stems from incorrectly configured access control security levels, allowing unprivileged users to perform actions that should require higher privileges [1].
Exploitation
An attacker with low-level authenticated access (e.g., a subscriber or contributor) can exploit this broken access control to execute unauthorized functions. The vulnerability does not require any special network position or additional authentication beyond a basic WordPress user credentials [1].
Impact
Successful exploitation enables an attacker to bypass intended permission checks, potentially leading to unauthorized data modification, privilege escalation, or other actions depending on the affected functionality. This type of vulnerability is commonly used in mass-exploit campaigns targeting thousands of websites [1].
Mitigation
The vendor has released a fix; users should update the plugin to version 1.1.0 or later immediately. If updating is not possible, contacting the hosting provider or a web developer for assistance is recommended [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=1.0.9
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.