CVE-2025-68904
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-28

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through <= 11.0.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-28
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68904
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jegtheme jnews-frontend-submit to 11.0.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68904 is a medium severity Cross Site Scripting (XSS) vulnerability in the WordPress JNews - Frontend Submit Plugin (versions up to 11.0.0). It allows an unauthenticated attacker to inject malicious scripts, such as redirects or advertisements, into the website. These scripts execute when visitors access the site, potentially compromising user interactions. Exploitation requires user interaction, like clicking a malicious link or submitting a crafted form. [1]

Impact Analysis

This vulnerability can lead to malicious scripts running on your website, which may redirect users to harmful sites, display unwanted advertisements, or steal sensitive information. It can compromise the security and trustworthiness of your site, potentially harming users and damaging your reputation. Since it requires user interaction, attackers may trick users into triggering the exploit. [1]

Mitigation Strategies

Users are advised to apply Patchstack’s mitigation rule immediately to block attacks until an official patch becomes available. This mitigation helps protect sites from exploitation of the reflected XSS vulnerability in the JNews - Frontend Submit Plugin versions up to 11.0.0. [1]

Detection Guidance

There is no specific information provided about detection commands or methods for this vulnerability. However, Patchstack has provided a mitigation rule to block attacks until a patch becomes available. Users are advised to apply this mitigation immediately to protect their sites. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68904. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart