What the vulnerability does
01 Description
Missing Authorization vulnerability in merkulove Worker for WPBakery worker-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Worker for WPBakery: from n/a through <= 1.1.1.
Explanation of Vulnerability in Simple Terms
02 Summary
Worker for WPBakery versions up to 1.1.1 lack proper authorization checks, allowing authenticated users to modify or disable site functionality. An attacker with low-level access can alter content integrity or disrupt site operations without higher privileges. Update to a version newer than 1.1.1 to resolve this issue.
What an attacker can do
03 Attacker Capabilities
Modify or disable site functionality without requiring higher-level permissions.
Potential impact on your site
04 Site Impact
Authenticated users can alter content or disrupt site operations beyond their intended permissions.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-level user account on the WordPress site.
Key dates
06 Disclosure timeline
December 31, 2025: CVE published
April 28, 2026: Record updated