CVE-2025-68860

CRITICAL

Mobile builder <1.4.2 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-68860. PoCs published by Nxploited, DedsecTeam-BlackHat.

AI-analyzed exploit summary: This repository contains a functional Python exploit for CVE-2025-68860, which targets a broken authentication vulnerability in WordPress Mobile Builder Plugin <= 1.4.2. The exploit generates a JWT token to authenticate as an admin (user_id=1) and creates a new administrator account.

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder mobile-builder allows Authentication Abuse. This issue affects Mobile builder: from n/a through <= 1.4.2.

Exploits (2)

nomisec WORKING POC 1 stars
by Nxploited · poc
https://github.com/Nxploited/CVE-2025-68860

This repository contains a functional Python exploit for CVE-2025-68860, which targets a broken authentication vulnerability in WordPress Mobile Builder Plugin <= 1.4.2. The exploit generates a JWT token to authenticate as an admin (user_id=1) and creates a new administrator account.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: WordPress Mobile Builder Plugin <= 1.4.2
No auth needed
Prerequisites: Target URL · Python 3.7+ · pyjwt · requests · colorama
devstral-2 · analyzed Feb 19, 2026

nomisec SUSPICIOUS
by DedsecTeam-BlackHat · poc
https://github.com/DedsecTeam-BlackHat/CVE-2025-68860

The repository contains an obfuscated Python script using Pyarmor, which is highly unusual for legitimate PoC releases. The lack of readable code or technical details in the README suggests this may be a lure to download external content or execute malicious payloads.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Complex
Reliability: Theoretical
Target: unknown
No auth needed
Prerequisites: unknown
devstral-2 · analyzed Mar 02, 2026

Scores

CVSS v3 9.8
EPSS 0.0048
EPSS Percentile 37.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE: CWE-288
Status: published
Products (1): Mobile Builder/Mobile builder < 1.4.2
Published Dec 29, 2025
Tracked Since Feb 18, 2026