CVE-2025-68866
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-29

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofer696 Dinatur dinatur allows Stored XSS.This issue affects Dinatur: from n/a through <= 1.18.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-29
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68866
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68866 is a medium priority Cross Site Scripting (XSS) vulnerability in the WordPress Dinatur Plugin versions up to and including 1.18. It allows an attacker to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into a website. These scripts execute when visitors access the compromised site. Exploitation requires user interaction by a privileged user, like clicking a malicious link, visiting a crafted page, or submitting a form. No official fix is currently available, but mitigation rules exist to block attacks until a patch is released. [1]

Impact Analysis

This vulnerability can impact you by allowing attackers to execute malicious scripts on your website, potentially leading to unauthorized redirects, displaying unwanted advertisements, or other harmful HTML payloads. This can compromise the security and integrity of your site, harm user trust, and possibly lead to further attacks or data exposure. Since exploitation requires privileged user interaction, it can also affect administrative functions or sensitive areas of your site. [1]

Detection Guidance

Detection of this Cross Site Scripting (XSS) vulnerability in the Dinatur WordPress plugin can be performed by monitoring for unusual script injections or unexpected HTML payloads in web pages generated by the plugin. Since no official fix is available, using automated vulnerability mitigation services or applying Patchstack's mitigation rules can help detect and block exploitation attempts. Specific commands are not provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability until an official patch is released. Utilizing automated vulnerability mitigation services from Patchstack is also recommended to safeguard affected websites. Monitoring and restricting privileged user interactions that could trigger exploitation (such as clicking malicious links or submitting crafted forms) can further reduce risk. [1]

Compliance Impact

The provided resources do not specify how this Cross Site Scripting (XSS) vulnerability in the Dinatur plugin affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68866. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart