CVE-2025-68904
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jegtheme | jnews-frontend-submit | to 11.0.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68904 is a medium severity Cross Site Scripting (XSS) vulnerability in the WordPress JNews - Frontend Submit Plugin (versions up to 11.0.0). It allows an unauthenticated attacker to inject malicious scripts, such as redirects or advertisements, into the website. These scripts execute when visitors access the site, potentially compromising user interactions. Exploitation requires user interaction, like clicking a malicious link or submitting a crafted form. [1]
How can this vulnerability impact me? :
This vulnerability can lead to malicious scripts running on your website, which may redirect users to harmful sites, display unwanted advertisements, or steal sensitive information. It can compromise the security and trustworthiness of your site, potentially harming users and damaging your reputation. Since it requires user interaction, attackers may trick users into triggering the exploit. [1]
What immediate steps should I take to mitigate this vulnerability?
Users are advised to apply Patchstackβs mitigation rule immediately to block attacks until an official patch becomes available. This mitigation helps protect sites from exploitation of the reflected XSS vulnerability in the JNews - Frontend Submit Plugin versions up to 11.0.0. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection commands or methods for this vulnerability. However, Patchstack has provided a mitigation rule to block attacks until a patch becomes available. Users are advised to apply this mitigation immediately to protect their sites. [1]