Skip to main content
CVE-2025-68897 CRITICAL Act Now

Remote code injection in IF AS Shortcode WordPress plugin versions up to 1.2 allows attackers to execute arbitrary code through improper handling of shortcode parameters. The vulnerability stems from CWE-94 (Improper Control of Code Generation) and affects WordPress installations using this plugin. Patchstack reported the vulnerability; however, no CVSS vector is provided and EPSS probability is low at 0.07%, suggesting limited real-world exploit activity at the time of analysis.

Code Injection RCE
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-68562 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through <= 8.7.3.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-68860 CRITICAL Act Now

Mobile Builder WordPress plugin versions 1.4.2 and earlier contain an authentication bypass vulnerability that allows attackers to circumvent authentication mechanisms through alternate paths or channels. The plugin fails to properly validate user credentials or session tokens, potentially enabling unauthorized access to sensitive functionality. With an EPSS score of 0.10% indicating low exploitation probability and no confirmed active exploitation, this represents a lower-priority vulnerability that should still be addressed through patching.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy