CVE-2025-68003
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-04-27

Assigner: Patchstack

Description
Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through <= 1.2.10.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68003
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
shown connector to 1.2.10 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68003 is a Missing Authorization vulnerability in the WordPress Shown Connector Plugin (versions up to 1.2.10). It is a settings change vulnerability classified under OWASP Top 10 category A1: Broken Access Control. This means that an unauthenticated attacker can exploit incorrectly configured access control security levels to change settings without proper authorization. [1]

Impact Analysis

This vulnerability can allow an unauthenticated attacker to change settings in the Shown Connector plugin, potentially compromising the security and functionality of your WordPress site. Since it requires no authentication to exploit, it poses a moderate risk (CVSS score 6.5) and could lead to unauthorized configuration changes that may affect site behavior or security. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for unauthorized access attempts or changes to settings in the WordPress Shown Connector Plugin up to version 1.2.10. Since the vulnerability allows unauthenticated attackers to exploit broken access control, you should check your web server logs for suspicious requests targeting the shown-connector plugin endpoints. Specific commands are not provided in the resources, but general approaches include using web server log analysis tools (e.g., grep to search for requests to shown-connector paths) and deploying intrusion detection systems with rules to detect exploitation attempts. Patchstack has issued a mitigation rule that can help block attacks, which implies using their security tools or firewall rules for detection and prevention. [1]

Mitigation Strategies

Immediate mitigation steps include applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability until an official patch is released. Users are advised to implement this mitigation immediately to protect their websites. Additionally, continuous security monitoring and rapid response to suspicious activity are recommended. Since no official fix or patched version is currently available, applying the Patchstack mitigation and monitoring your site are the best immediate actions. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68003. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart