CVE-2025-68558
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | depicter_slider | to 4.0.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68558 is a Broken Access Control vulnerability in the WordPress Depicter Slider Plugin (versions up to 4.0.4). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which allows unauthenticated users to perform actions that should be restricted to higher privileged users. This means attackers can exploit incorrectly configured access control security levels to gain unauthorized access or perform unauthorized actions. [1]
How can this vulnerability impact me? :
This vulnerability can allow unauthenticated attackers to perform privileged actions within the Depicter Slider plugin, potentially leading to unauthorized changes or access within a WordPress site. Because no prior authentication is required, the risk of exploitation is higher, which can compromise the security and integrity of the affected website. The vulnerability has a moderate severity with a CVSS score of 6.5. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring for unauthorized access attempts or actions performed without proper authentication on the Depicter Slider plugin. Since the vulnerability allows unauthenticated users to perform privileged actions, inspecting web server logs for suspicious requests targeting Depicter Slider plugin endpoints may help. Additionally, using Patchstack's automatic mitigation rule can help detect and block attacks targeting this vulnerability. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Depicter Slider WordPress plugin to version 4.0.5 or later, where the vulnerability is fixed. Until the update can be applied, enabling Patchstack's automatic mitigation rule to block attacks targeting this vulnerability is recommended. Patchstack users can also enable auto-updates for vulnerable plugins to ensure rapid protection. [1]