
CVE-2025-66113: Critical Access Control Flaw in Better Chat Support for Messenger Plugin

Published: 2025-11-21

Overview

This article details a critical security vulnerability, CVE-2025-66113, in the Better Chat Support for Messenger WordPress plugin. The flaw is a Missing Authorization issue (exploiting incorrectly configured access control security levels): successful exploitation could lead to unauthorized access to, and modification of, sensitive plugin data or functionality.

All versions of the Better Chat Support for Messenger plugin up to and including 1.2.18 are affected (the lower bound of the affected range is listed as n/a).

Technical Details

CVE-2025-66113 stems from a Missing Authorization vulnerability within the Better Chat Support for Messenger plugin. The plugin fails to properly validate user permissions before granting access to certain functionality or data, which allows an attacker to bypass the intended access controls and perform actions they are not authorized to undertake. The affected endpoint(s) are not explicitly identified, but the core problem is a lack of proper authorization checks, which may expose administrative functionality to unprivileged users.
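The flaw class described above, as an added illustration that is not code from the Better Chat Support for Messenger plugin (its affected endpoints are not published): a hypothetical WordPress AJAX handler that saves chat settings with no authorization check, beside the hardened form that verifies a nonce and a capability, plus the equivalent REST `permission_callback`. All action, option and route names are invented for this example.

```php
<?php
// Added illustration: hypothetical plugin code, NOT the Better Chat Support for Messenger source.
// The action, option and route names below are invented for this example.
// --- Vulnerable pattern (missing authorization) --------------------------------
// The handler is hooked for unauthenticated callers too (wp_ajax_nopriv_) and writes the
// posted value without checking a nonce or a capability, so any visitor can change settings.
add_action( 'wp_ajax_bcs_save_settings',        'bcs_save_settings_vulnerable' );
add_action( 'wp_ajax_nopriv_bcs_save_settings', 'bcs_save_settings_vulnerable' );

function bcs_save_settings_vulnerable() {
    $page_id = isset( $_POST['page_id'] ) ? $_POST['page_id'] : '';
    update_option( 'bcs_chat_settings', array( 'page_id' => $page_id ) ); // no permission check
    wp_send_json_success();
}

// --- Hardened pattern ----------------------------------------------------------
// Hook only the authenticated action, verify a nonce (CSRF), verify the capability
// (authorization), and sanitize the input before persisting it.
add_action( 'wp_ajax_bcs_save_settings', 'bcs_save_settings_hardened' );

function bcs_save_settings_hardened() {
    check_ajax_referer( 'bcs_settings_nonce', 'nonce' );          // dies on a bad or missing nonce
    if ( ! current_user_can( 'manage_options' ) ) {                 // the missing authorization check
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    $page_id = isset( $_POST['page_id'] )
        ? sanitize_text_field( wp_unslash( $_POST['page_id'] ) )
        : '';
    update_option( 'bcs_chat_settings', array( 'page_id' => $page_id ) );
    wp_send_json_success();
}

// The same rule applies to REST routes: permission_callback must check a capability.
// Returning true, or only is_user_logged_in(), reproduces the missing-authorization flaw.
add_action( 'rest_api_init', function () {
    register_rest_route( 'bcs/v1', '/settings', array(
        'methods'             => 'POST',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'callback'            => function ( WP_REST_Request $request ) {
            $page_id = sanitize_text_field( (string) $request->get_param( 'page_id' ) );
            update_option( 'bcs_chat_settings', array( 'page_id' => $page_id ) );
            return rest_ensure_response( array( 'saved' => true ) );
        },
    ) );
} );
```

When auditing a plugin for this class of bug, grep for `wp_ajax_nopriv_` hooks and for `permission_callback` values of `__return_true` and confirm each reachable handler checks a capability, not just login state.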

CVSS Analysis

Because no CVSS score is currently available (N/A), the severity cannot yet be assessed from quantitative metrics. However, a Missing Authorization flaw that allows exploiting incorrectly configured access control security levels can reach Critical severity. Given the potential impact of unauthorized access, treat this vulnerability as high priority until a CVSS score is officially assigned.

Possible Impact

The impact of this vulnerability could be significant. An attacker could potentially:

  • Modify chat settings.
  • Access and potentially exfiltrate sensitive user data exchanged through the chat system.
  • Impersonate administrators.
  • Potentially inject malicious code into the chat interface (depending on the scope of the access gained).

Mitigation or Patch Steps

The primary mitigation strategy is to immediately update the Better Chat Support for Messenger plugin to the latest available version. If an update is not yet available, consider temporarily disabling the plugin until a patched version is released. Monitor the plugin developer’s website or the WordPress plugin repository for updates and security announcements.

Specific steps to mitigate the vulnerability are:

  1. Update to a version higher than 1.2.18, if available.
  2. Monitor for updates from the plugin developer (ThemeAtelier).
  3. As a temporary measure, disable the plugin until an update is available.

References

Patchstack Vulnerability Database Entry for CVE-2025-66113

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
