CVE-2025-68009
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68009 is a Broken Access Control vulnerability in the WordPress Slider Templates Plugin (versions up to 1.0.3). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, allowing unauthenticated users to perform actions that should require higher privileges. [1]
How can this vulnerability impact me? :
This vulnerability can allow unauthorized users to access and perform privileged actions within the Slider Templates plugin, potentially compromising the security and integrity of your WordPress site. Since it is a medium severity issue with a CVSS score of 6.5, exploitation could lead to unauthorized changes or access to sensitive functionality. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official fix or patched version is currently available for CVE-2025-68009, it is recommended to apply the mitigation rule released by Patchstack to block attacks targeting this vulnerability. Users should implement this mitigation measure immediately to protect their websites from exploitation. [1]