CVE-2025-68030
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-28

Assigner: Patchstack

Description
Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery. This issue affects Frontis Blocks: from n/a through <= 1.1.5.
Meta Information
Published: 2026-01-22
Last Modified: 2026-01-28
Generated: 2026-06-16
AI Q&A: 2026-01-22
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 1 associated CPE
Vendor: patchstack
Product: frontis_blocks
Version / Range: to 1.1.5 (inc)
CWE ID: CWE-918
Description: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Compliance Impact

The provided resources do not specify how this SSRF vulnerability in the Frontis Blocks Plugin affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2025-68030 is a Server Side Request Forgery (SSRF) vulnerability in the WordPress Frontis Blocks Plugin versions up to and including 1.1.5. It allows an unauthenticated attacker to make the affected website send arbitrary HTTP requests to attacker-controlled domains. This can enable the attacker to access sensitive information from other services running on the same system. The vulnerability is classified under the OWASP Top 10 category A10: SSRF and has a CVSS score of 7.2, indicating moderate risk. [1]

Impact Analysis

This vulnerability can impact you by allowing an attacker to make your website perform arbitrary HTTP requests to domains they control, potentially exposing sensitive information from other services on your system. Since no special privileges are required to exploit it, the risk of unauthorized access and data leakage is significant. This can lead to data breaches and compromise of internal systems. [1]

Detection Guidance

Detection of this SSRF vulnerability can involve monitoring for unusual outbound HTTP requests originating from the affected WordPress site, especially requests to attacker-controlled domains. Network administrators can use tools like tcpdump or Wireshark to capture and analyze outgoing HTTP traffic. For example, a command like 'tcpdump -i any -A port 80 or port 443' can be used to monitor HTTP/HTTPS traffic. Additionally, reviewing web server logs for unexpected internal or external HTTP requests triggered by the Frontis Blocks plugin may help identify exploitation attempts. However, no specific detection commands are provided in the available resources. [1]
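
As an added example (not from the advisory or the plugin), the log review described above can be sketched as a script that flags outbound connections from the WordPress host to loopback, link-local, private or otherwise unexpected destinations. The log format, the host name wp-web-01 and the allowlist are assumptions, and the sample lines are constructed.

```python
import ipaddress

# Constructed egress log: "timestamp source_host dest_ip dest_port" (not real data).
SAMPLE_LOG = """\
2026-01-23T10:00:01Z wp-web-01 198.51.100.20 443
2026-01-23T10:00:07Z wp-web-01 127.0.0.1 6379
2026-01-23T10:00:09Z wp-web-01 169.254.169.254 80
2026-01-23T10:00:15Z wp-web-01 10.0.4.12 8080
2026-01-23T10:00:21Z wp-web-01 203.0.113.77 80
2026-01-23T10:00:30Z db-01 10.0.4.12 5432
"""

WP_HOSTS = {"wp-web-01"}  # assumption: hosts running the affected plugin
# Assumption: destinations the site legitimately contacts (e.g. update servers).
EXPECTED = [ipaddress.ip_network("198.51.100.0/24")]
# Ranges a public-facing web application should rarely initiate requests to.
INTERNAL = [
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
    ("private", ipaddress.ip_network("10.0.0.0/8")),
    ("private", ipaddress.ip_network("172.16.0.0/12")),
    ("private", ipaddress.ip_network("192.168.0.0/16")),
]

def classify(dest_ip):
    """Return a reason string if the destination is suspicious, else None."""
    ip = ipaddress.ip_address(dest_ip)
    for label, net in INTERNAL:
        if ip in net:
            return label
    if any(ip in net for net in EXPECTED):
        return None
    return "unexpected-external"

def suspicious_requests(log_text):
    """Collect (timestamp, dest, port, reason) for flagged WordPress egress."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0].startswith("#"):
            continue  # skip malformed lines and comments
        ts, host, dest, port = parts
        if host not in WP_HOSTS:
            continue  # only egress from the web host is in scope
        try:
            reason = classify(dest)
        except ValueError:
            reason = "unparseable-destination"
        if reason:
            findings.append((ts, dest, port, reason))
    return findings

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(*finding)
```

Destinations outside the allowlist are flagged for review rather than treated as confirmed exploitation, since the allowlist has to be built from the site's own baseline of normal outbound traffic.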

Mitigation Strategies

Immediate mitigation steps include updating the Frontis Blocks Plugin to version 1.1.6 or later, where the vulnerability has been fixed. Until the update can be applied, Patchstack provides a mitigation rule that blocks exploitation attempts. Users of Patchstack can enable this rule and also activate auto-updates for vulnerable plugins to ensure timely protection. Since no special privileges are required to exploit this vulnerability, prompt action is critical to prevent exploitation. [1]
