CVE-2025-68883
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bidorbuy | bidorbuy_store_integrator | to 2.12.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68883 is a medium severity Reflected Cross Site Scripting (XSS) vulnerability in the WordPress bidorbuy Store Integrator Plugin versions up to 2.12.0. It allows attackers to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into websites using the plugin. These scripts execute when site visitors access the compromised pages, potentially leading to unauthorized actions or data exposure. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts on your website, which can lead to unauthorized redirects, display of unwanted advertisements, theft of user data, session hijacking, or other malicious activities. Exploitation requires user interaction, such as clicking a malicious link or visiting a crafted page, and can compromise the security and integrity of your website and its visitors. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this reflected XSS vulnerability can involve monitoring for suspicious HTTP requests containing malicious script payloads targeting the bidorbuy Store Integrator plugin endpoints. While no specific commands are provided, you can use web application security scanners or manual inspection tools like curl or browser developer tools to test for reflected script injection by sending crafted requests and observing responses. Additionally, monitoring web server logs for unusual query parameters or payloads may help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability until an official patch is released. Users should implement these mitigations immediately to protect their sites. Since no official fix is available as of the publication date, applying these protective rules and restricting user input that can be reflected in web pages are recommended. [1]