CVE-2025-66160
Description
Missing Authorization vulnerability in merkulove Select Graphist for Elementor Graphist for Elementor graphist-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Select Graphist for Elementor Graphist for Elementor: from n/a through <= 1.2.10.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Select Graphist for Elementor plugin ≤1.2.10 lacks proper authorization, allowing unauthenticated attackers to exploit broken access control and perform privileged actions.
Vulnerability
Details The Select Graphist for Elementor plugin for WordPress is vulnerable to a missing authorization issue in versions up to and including 1.2.10. This allows an unauthenticated attacker to exploit incorrectly configured access control security levels [1].
Exploitation
Attackers can exploit this vulnerability without any authentication by sending specially crafted requests to the affected plugin. Because the vulnerability does not require a valid user session, it can be targeted at a large scale, contributing to mass-exploit campaigns [1].
Impact
Successful exploitation enables an attacker to execute privileged actions that should be restricted to higher-level users. This can lead to unauthorized data modification, site defacement, or complete compromise of the WordPress installation [1].
Mitigation
The vulnerability has been addressed in a subsequent release. Users are strongly advised to update the plugin to the latest version immediately. If updating is not possible, contact your hosting provider or a web developer for alternative mitigation steps [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=1.2.10
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.