CVE-2025-68001
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| garidium | g-ffl-checkout | to 2.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68001 is a critical vulnerability in the WordPress g-FFL Checkout Plugin (versions up to 2.1.0) that allows unauthenticated attackers to upload arbitrary files, including malicious web shells, to the affected website. This arbitrary file upload flaw enables attackers to execute malicious code on the server, potentially gaining unauthorized access and control over the website. The vulnerability is classified under OWASP Top 10 category A3: Injection and has a CVSS score of 10, indicating a critical risk. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized access to your web server, execution of malicious code, installation of backdoors, and full compromise of your website. Attackers can exploit this flaw without any privileges, making it easy to exploit and potentially leading to data theft, website defacement, or use of your server for further attacks. Immediate patching to version 2.1.1 or later is strongly recommended to prevent exploitation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring for unauthorized file uploads or web shells on the affected WordPress site using the g-FFL Checkout plugin (version β€ 2.1.0). Since the vulnerability allows arbitrary file uploads without authentication, checking the upload directories for suspicious files or web shells is recommended. Additionally, enabling Patchstack's automatic mitigation rules can help detect exploitation attempts. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediately update the g-FFL Checkout WordPress plugin to version 2.1.1 or later, which contains the fix for this vulnerability. Until the update can be applied, enable Patchstack's automatic mitigation rule that blocks exploitation attempts. If using Patchstack, enable auto-updates for vulnerable plugins to ensure rapid protection. [1]