CVE-2025-68866
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-29
Assigner: Patchstack
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68866 is a medium priority Cross Site Scripting (XSS) vulnerability in the WordPress Dinatur Plugin versions up to and including 1.18. It allows an attacker to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into a website. These scripts execute when visitors access the compromised site. Exploitation requires user interaction by a privileged user, like clicking a malicious link, visiting a crafted page, or submitting a form. No official fix is currently available, but mitigation rules exist to block attacks until a patch is released. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute malicious scripts on your website, potentially leading to unauthorized redirects, displaying unwanted advertisements, or other harmful HTML payloads. This can compromise the security and integrity of your site, harm user trust, and possibly lead to further attacks or data exposure. Since exploitation requires privileged user interaction, it can also affect administrative functions or sensitive areas of your site. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Cross Site Scripting (XSS) vulnerability in the Dinatur WordPress plugin can be performed by monitoring for unusual script injections or unexpected HTML payloads in web pages generated by the plugin. Since no official fix is available, using automated vulnerability mitigation services or applying Patchstack's mitigation rules can help detect and block exploitation attempts. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability until an official patch is released. Utilizing automated vulnerability mitigation services from Patchstack is also recommended to safeguard affected websites. Monitoring and restricting privileged user interactions that could trigger exploitation (such as clicking malicious links or submitting crafted forms) can further reduce risk. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how this Cross Site Scripting (XSS) vulnerability in the Dinatur plugin affects compliance with common standards and regulations such as GDPR or HIPAA.