CVE-2025-68003
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| shown | connector | to 1.2.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68003 is a Missing Authorization vulnerability in the WordPress Shown Connector Plugin (versions up to 1.2.10). It is a settings change vulnerability classified under OWASP Top 10 category A1: Broken Access Control. This means that an unauthenticated attacker can exploit incorrectly configured access control security levels to change settings without proper authorization. [1]
How can this vulnerability impact me? :
This vulnerability can allow an unauthenticated attacker to change settings in the Shown Connector plugin, potentially compromising the security and functionality of your WordPress site. Since it requires no authentication to exploit, it poses a moderate risk (CVSS score 6.5) and could lead to unauthorized configuration changes that may affect site behavior or security. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized access attempts or changes to settings in the WordPress Shown Connector Plugin up to version 1.2.10. Since the vulnerability allows unauthenticated attackers to exploit broken access control, you should check your web server logs for suspicious requests targeting the shown-connector plugin endpoints. Specific commands are not provided in the resources, but general approaches include using web server log analysis tools (e.g., grep to search for requests to shown-connector paths) and deploying intrusion detection systems with rules to detect exploitation attempts. Patchstack has issued a mitigation rule that can help block attacks, which implies using their security tools or firewall rules for detection and prevention. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability until an official patch is released. Users are advised to implement this mitigation immediately to protect their websites. Additionally, continuous security monitoring and rapid response to suspicious activity are recommended. Since no official fix or patched version is currently available, applying the Patchstack mitigation and monitoring your site are the best immediate actions. [1]