CVE-2025-68844
Awaiting Analysis Awaiting Analysis - Queue
Reflected XSS in Membee Login Widget Allows Code Injection

Publication date: 2026-02-20

Last updated on: 2026-02-23

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaleAB Membee Login membees-member-login-widget allows Reflected XSS.This issue affects Membee Login: from n/a through <= 2.3.6.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-23
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68844
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
patchstack membee_login_plugin to 2.3.6 (inc)
daleab membee_login to 2.3.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-68844 is a medium severity Cross Site Scripting (XSS) vulnerability affecting the WordPress Membee Login Plugin versions up to and including 2.3.6.'}, {'type': 'paragraph', 'content': 'This vulnerability allows an attacker to inject malicious scriptsβ€”such as redirects, advertisements, or other HTML payloadsβ€”that execute when site visitors access the compromised pages.'}, {'type': 'paragraph', 'content': "Exploitation requires user interaction by a privileged user, such as clicking a malicious link, visiting a crafted page, or submitting a form. Although an unauthenticated attacker can trigger the vulnerability, successful exploitation depends on the privileged user's action."}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can lead to the execution of malicious scripts on your website, which can result in unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads.'}, {'type': 'paragraph', 'content': "Such exploitation can compromise the integrity and trustworthiness of your website, potentially harming your users and your organization's reputation."}, {'type': 'paragraph', 'content': 'Because exploitation requires privileged user interaction, attackers may attempt to trick authorized users into performing actions that trigger the vulnerability.'}] [1]

Compliance Impact

I don't know

Detection Guidance

CVE-2025-68844 is a reflected Cross Site Scripting (XSS) vulnerability in the WordPress Membee Login Plugin versions up to 2.3.6. Detection typically involves monitoring for suspicious HTTP requests that include malicious script payloads targeting the vulnerable plugin endpoints.

While no specific commands are provided, common detection methods include using web application firewalls (WAF) with rules designed to detect XSS payloads, inspecting web server logs for unusual query parameters or script injections, and employing security scanners that test for reflected XSS vulnerabilities on the Membee Login plugin pages.

Patchstack has issued mitigation rules that can help block attacks until the plugin is updated, which may also assist in detecting exploitation attempts.

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate and recommended mitigation step is to update the WordPress Membee Login Plugin to version 2.3.7 or later, which contains the patch for this vulnerability.'}, {'type': 'paragraph', 'content': "Until the update can be applied, users can implement Patchstack's mitigation rules to block attack attempts targeting this vulnerability."}, {'type': 'paragraph', 'content': 'Additionally, enabling automatic mitigation and auto-update options provided by Patchstack can help protect the system from exploitation.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68844. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart