{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68001", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-15T10:00:49.129Z", "datePublished": "2026-01-22T16:51:59.247Z", "dateUpdated": "2026-04-28T16:14:25.927Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "g-ffl-checkout", "product": "g-FFL Checkout", "vendor": "garidium", "versions": [{"changes": [{"at": "2.1.1", "status": "unaffected"}], "lessThanOrEqual": "2.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Denver Jackson | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:21:22.440Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.<p>This issue affects g-FFL Checkout: from n/a through <= 2.1.0.</p>"}], "value": "Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through <= 2.1.0."}], "impacts": [{"capecId": "CAPEC-650", "descriptions": [{"lang": "en", "value": "Upload a Web Shell to a Web Server"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:25.927Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/g-ffl-checkout/vulnerability/wordpress-g-ffl-checkout-plugin-2-1-0-arbitrary-file-upload-vulnerability?_s_id=cve"}], "title": "WordPress g-FFL Checkout plugin <= 2.1.0 - Arbitrary File Upload vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-28T19:02:24.349880Z", "id": "CVE-2025-68001", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T18:25:53.385Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-68001", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-28T19:02:24.349880Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T17:21:44.745Z"}}], "cna": {"title": "WordPress g-FFL Checkout plugin <= 2.1.0 - Arbitrary File Upload vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Denver Jackson | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-650", "descriptions": [{"lang": "en", "value": "Upload a Web Shell to a Web Server"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "garidium", "product": "g-FFL Checkout", "versions": [{"status": "affected", "changes": [{"at": "2.1.1", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "2.1.0"}], "packageName": "g-ffl-checkout", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:21:22.440Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/g-ffl-checkout/vulnerability/wordpress-g-ffl-checkout-plugin-2-1-0-arbitrary-file-upload-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through <= 2.1.0.", "supportingMedia": [{"type": "text/html", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.<p>This issue affects g-FFL Checkout: from n/a through <= 2.1.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:13:55.562Z"}}}, "cveMetadata": {"cveId": "CVE-2025-68001", "state": "PUBLISHED", "dateUpdated": "2026-04-27T18:25:53.385Z", "dateReserved": "2025-12-15T10:00:49.129Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-22T16:51:59.247Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through <= 2.1.0."}, {"lang": "es", "value": "Vulnerabilidad de carga irrestricta de archivos de tipo peligroso en garidium g-FFL Checkout g-ffl-checkout permite la carga de una shell web a un servidor web. Este problema afecta a g-FFL Checkout: desde n/a hasta &lt;= 2.1.0."}], "id": "CVE-2025-68001", "lastModified": "2026-04-27T19:16:21.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-01-22T17:16:06.477", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/g-ffl-checkout/vulnerability/wordpress-g-ffl-checkout-plugin-2-1-0-arbitrary-file-upload-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-29T00:58:50.020564+00:00", "value": {"mitigation_remediation": ["Upgrade the g-FFL Checkout plugin to a version newer than 2.1.0, if available, to apply the vendor fix.", "If an update is not available, disable or remove the g-FFL Checkout plugin from the site to eliminate the upload capability.", "Implement strict file type validation and restrict write permissions on the WordPress upload directory to prevent arbitrary file uploads in the future."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The garidium g-FFL Checkout plugin versions up to and including 2.1.0 are affected. Any WordPress installation running these versions is vulnerable.", "description_and_impact": "Unrestricted file upload in the garidium g-FFL Checkout plugin permits an attacker to upload any file, including malicious web shells, to the WordPress site. The presence of a web shell could enable the attacker to execute arbitrary code on the server.", "risk_and_exploitability": "This vulnerability is rated as CWE-434 and carries a CVSS score of 10.0, indicating critical severity. The EPSS score of less than 1\u2009% suggests that public exploitation is uncommon, but the high severity keeps overall risk elevated. The vulnerability is not listed in the CISA KEV catalog. Attackers likely exploit the upload interface of the plugin; the exact attack prerequisites are not detailed, but interaction with the upload functionality is required."}}}}, "created": "2026-01-23T16:30:22.840344+00:00", "updated": "2026-04-29T01:00:11.420058+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}