CVE-2025-68011
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-28

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affects GLS Shipping for WooCommerce: from n/a through <= 1.4.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-28
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68011
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gls gls_shipping_for_woocommerce to 1.4.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68011 is a medium severity Reflected Cross Site Scripting (XSS) vulnerability in the GLS Shipping for WooCommerce plugin (versions up to 1.4.0). It allows an attacker to inject malicious scripts, such as redirects or advertisements, into a website. These scripts execute when visitors access the compromised site, potentially causing unauthorized actions or data exposure. Exploitation requires user interaction, like clicking a malicious link or submitting a crafted form. [1]

Impact Analysis

This vulnerability can lead to unauthorized actions on your website or exposure of sensitive data by executing malicious scripts in the context of your site. It may result in redirecting users to malicious sites, displaying unwanted advertisements, or stealing user information. Since exploitation requires user interaction, attackers might trick users into clicking malicious links or submitting harmful forms, compromising your site's security and user trust. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for attempts to inject malicious scripts via the GLS Shipping for WooCommerce plugin, such as suspicious URL parameters or form submissions containing script tags or encoded payloads. Since no official patch or detection tool is provided, you can use web application firewall (WAF) logs or intrusion detection systems (IDS) to look for reflected XSS attack patterns targeting the plugin. Specific commands are not provided in the resources. [1]

Mitigation Strategies

Immediate mitigation steps include applying the Patchstack mitigation rule designed to block attacks exploiting this vulnerability until an official fix is released. Additionally, restrict user privileges to minimize exposure, monitor for suspicious activity, and avoid clicking on untrusted links or submitting untrusted forms related to the plugin. Since no official patch is available yet, applying the mitigation rule from Patchstack is the recommended action. [1]

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68011. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart