CVE-2025-68501
Reflected XSS in Mollie Payments for WooCommerce
Publication date: 2026-02-20
Last updated on: 2026-02-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mollie | mollie_payments_for_woocommerce | to 8.1.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68501 is a medium severity Cross Site Scripting (XSS) vulnerability affecting the WordPress Mollie Payments for WooCommerce plugin versions up to and including 8.1.1.
This vulnerability allows an attacker to inject malicious scriptsβsuch as redirects, advertisements, or other HTML payloadsβthat execute when site visitors access the compromised pages.
Exploitation requires user interaction by a privileged user performing actions like clicking a malicious link, visiting a crafted page, or submitting a form.
The vulnerability falls under the OWASP Top 10 category A3: Injection.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts in the context of your website.
- Attackers can inject redirects that send users to malicious sites.
- Attackers can display unwanted advertisements or other harmful HTML payloads.
- Successful exploitation depends on privileged user interaction, which could lead to compromised user sessions or unauthorized actions.
Overall, this can lead to a degraded user experience, loss of trust, and potential security breaches.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability is a reflected Cross Site Scripting (XSS) issue in the Mollie Payments for WooCommerce plugin up to version 8.1.1. Detection typically involves identifying malicious script injections in web page responses when users interact with the affected plugin.'}, {'type': 'paragraph', 'content': "Since the vulnerability requires user interaction such as clicking a malicious link or submitting a crafted form, monitoring HTTP requests and responses for suspicious script payloads targeting the plugin's endpoints can help detect exploitation attempts."}, {'type': 'paragraph', 'content': 'Specific commands are not provided in the resources, but common approaches include using web vulnerability scanners or intercepting proxy tools (e.g., Burp Suite) to test for reflected XSS by injecting typical XSS payloads into input fields or URL parameters related to the Mollie Payments plugin.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Mollie Payments for WooCommerce plugin to version 8.1.2 or later, where the vulnerability has been patched.
Until the update can be applied, Patchstack provides an automatic mitigation rule that can block attacks exploiting this vulnerability.
Additionally, enabling auto-update options for the plugin can help ensure timely application of security patches in the future.