CVE-2025-68835
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-68835, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-22

Last updated on: 2026-01-27

Assigner: Patchstack

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through <= 2.33.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-22
Last Modified
2026-01-27
Generated
2026-07-06
AI Q&A
2026-01-22
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
matiskiba ravpage From 1.0 (inc) to 2.33 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-68835 is a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Ravpage Plugin (versions up to and including 2.33). It allows unauthenticated attackers to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into websites using the affected plugin. These scripts execute when site visitors access the compromised pages, potentially leading to unauthorized actions or data exposure. Exploitation requires user interaction, like clicking a malicious link or visiting a crafted page. [1]

Impact Analysis

This vulnerability can impact you by allowing attackers to execute malicious scripts on your website, which can lead to unauthorized redirects, display of unwanted advertisements, theft of user data, session hijacking, or other malicious activities. It compromises the security and integrity of your website and can harm your users. Since exploitation requires user interaction, attackers may trick users into clicking malicious links or visiting crafted pages to trigger the attack. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for attempts to inject malicious scripts via the Ravpage plugin, such as unusual URL parameters or suspicious HTTP requests containing script tags or encoded payloads. Specific commands are not provided in the available resources. However, users can monitor web server logs for suspicious requests targeting the Ravpage plugin and use web application firewalls (WAF) with rules designed to detect and block reflected XSS attempts. [1]

Mitigation Strategies

Since no official patch is currently available for this vulnerability, the immediate mitigation step is to apply the Patchstack mitigation rule designed to block attacks targeting this vulnerability. Users are advised to implement this mitigation immediately to protect their sites from exploitation until an official patch is released. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68835. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart