CVE-2025-68904
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-68904, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-22

Last updated on: 2026-01-28

Assigner: Patchstack

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through <= 11.0.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-22
Last Modified
2026-01-28
Generated
2026-07-06
AI Q&A
2026-01-22
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
jegtheme jnews-frontend-submit to 11.0.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-68904 is a medium severity Cross Site Scripting (XSS) vulnerability in the WordPress JNews - Frontend Submit Plugin (versions up to 11.0.0). It allows an unauthenticated attacker to inject malicious scripts, such as redirects or advertisements, into the website. These scripts execute when visitors access the site, potentially compromising user interactions. Exploitation requires user interaction, like clicking a malicious link or submitting a crafted form. [1]

Impact Analysis

This vulnerability can lead to malicious scripts running on your website, which may redirect users to harmful sites, display unwanted advertisements, or steal sensitive information. It can compromise the security and trustworthiness of your site, potentially harming users and damaging your reputation. Since it requires user interaction, attackers may trick users into triggering the exploit. [1]

Mitigation Strategies

Users are advised to apply Patchstack’s mitigation rule immediately to block attacks until an official patch becomes available. This mitigation helps protect sites from exploitation of the reflected XSS vulnerability in the JNews - Frontend Submit Plugin versions up to 11.0.0. [1]

Detection Guidance

There is no specific information provided about detection commands or methods for this vulnerability. However, Patchstack has provided a mitigation rule to block attacks until a patch becomes available. Users are advised to apply this mitigation immediately to protect their sites. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68904. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart