CVE-2025-68501
Awaiting Analysis Awaiting Analysis - Queue
Reflected XSS in Mollie Payments for WooCommerce

Publication date: 2026-02-20

Last updated on: 2026-02-23

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This issue affects Mollie Payments for WooCommerce: from n/a through <= 8.1.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-23
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68501
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mollie mollie_payments_for_woocommerce to 8.1.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68501 is a medium severity Cross Site Scripting (XSS) vulnerability affecting the WordPress Mollie Payments for WooCommerce plugin versions up to and including 8.1.1.

This vulnerability allows an attacker to inject malicious scriptsβ€”such as redirects, advertisements, or other HTML payloadsβ€”that execute when site visitors access the compromised pages.

Exploitation requires user interaction by a privileged user performing actions like clicking a malicious link, visiting a crafted page, or submitting a form.

The vulnerability falls under the OWASP Top 10 category A3: Injection.

Impact Analysis

This vulnerability can impact you by allowing attackers to execute malicious scripts in the context of your website.

  • Attackers can inject redirects that send users to malicious sites.
  • Attackers can display unwanted advertisements or other harmful HTML payloads.
  • Successful exploitation depends on privileged user interaction, which could lead to compromised user sessions or unauthorized actions.

Overall, this can lead to a degraded user experience, loss of trust, and potential security breaches.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability is a reflected Cross Site Scripting (XSS) issue in the Mollie Payments for WooCommerce plugin up to version 8.1.1. Detection typically involves identifying malicious script injections in web page responses when users interact with the affected plugin.'}, {'type': 'paragraph', 'content': "Since the vulnerability requires user interaction such as clicking a malicious link or submitting a crafted form, monitoring HTTP requests and responses for suspicious script payloads targeting the plugin's endpoints can help detect exploitation attempts."}, {'type': 'paragraph', 'content': 'Specific commands are not provided in the resources, but common approaches include using web vulnerability scanners or intercepting proxy tools (e.g., Burp Suite) to test for reflected XSS by injecting typical XSS payloads into input fields or URL parameters related to the Mollie Payments plugin.'}] [1]

Mitigation Strategies

The primary mitigation step is to update the Mollie Payments for WooCommerce plugin to version 8.1.2 or later, where the vulnerability has been patched.

Until the update can be applied, Patchstack provides an automatic mitigation rule that can block attacks exploiting this vulnerability.

Additionally, enabling auto-update options for the plugin can help ensure timely application of security patches in the future.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68501. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart