CVE-2025-68001

CRITICAL

garidium g-FFL Checkout <2.1.0 - Unrestricted File Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-68001. PoCs published by Nxploited.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-68001, targeting an unauthenticated arbitrary file upload vulnerability in a WordPress plugin. The exploit automates the process of extracting a nonce from the checkout page and uploading a malicious file via the 'ffl_upload_document' action.

Description

Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through <= 2.1.0.

Exploits (1)

nomisec WORKING POC
by Nxploited · poc
https://github.com/Nxploited/CVE-2025-68001

This repository contains a functional exploit for CVE-2025-68001, targeting an unauthenticated arbitrary file upload vulnerability in a WordPress plugin. The exploit automates the process of extracting a nonce from the checkout page and uploading a malicious file via the 'ffl_upload_document' action.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WordPress plugin (likely 'Fluent Forms' or similar)
No auth needed
Prerequisites: Target URL list · Malicious file (e.g., shell.php)
devstral-2 · analyzed Apr 19, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 10.0
EPSS 0.0002
EPSS Percentile 7.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-434
Status published
Products (2)
garidium/g-FFL Checkout < 2.1.0
garidium/g-FFL Checkout < <= 2.1.0
Published Jan 22, 2026
Tracked Since Feb 18, 2026