CVE-2025-68001
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through <= 2.1.0.
AnalysisAI
g-FFL Checkout WordPress plugin has an unrestricted file upload vulnerability allowing attackers to upload web shells for remote code execution.
Technical ContextAI
The g-FFL Checkout plugin by garidium has a CWE-434 unrestricted file upload that accepts any file type, allowing PHP file uploads that function as web shells.
Affected ProductsAI
garidium g-FFL Checkout WordPress plugin
RemediationAI
Update the plugin immediately. Audit stored customer data for unauthorized access. This is especially sensitive due to firearms compliance requirements.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today