CVE-2025-66142
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | comparimager_elementor | to 1.0.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-66142 is a Broken Access Control vulnerability in the WordPress Comparimager for Elementor Plugin (versions up to 1.0.1). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which allows users with low privileges (such as Subscriber or Developer roles) to perform actions that should be restricted to higher-privileged users. [1]
How can this vulnerability impact me? :
This vulnerability can allow unprivileged users to perform unauthorized actions within the plugin, potentially leading to unauthorized changes or access to sensitive functionality. However, the overall threat level is considered low, and exploitation is unlikely. The CVSS score is 5.4, indicating a low severity impact. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking for unauthorized access attempts or actions performed by users with Subscriber or Developer roles that should require higher privileges. Since the vulnerability stems from missing authorization checks in the Comparimager for Elementor plugin (versions up to 1.0.1), monitoring WordPress logs for unusual activity related to this plugin is recommended. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting user roles to minimize unprivileged users' capabilities, monitoring for suspicious activity, and applying any available security measures from Patchstack's mitigation and security intelligence services. Since no official fix or patched version is currently available, applying strict access controls and monitoring is advised. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.