CVE-2025-68880
Awaiting Analysis Awaiting Analysis - Queue
Reflected XSS in Simple Archive Generator ≀ 5.2 Allows Code Injection

Publication date: 2026-02-20

Last updated on: 2026-02-23

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peterwsterling Simple Archive Generator simple-archive-generator allows Reflected XSS.This issue affects Simple Archive Generator: from n/a through <= 5.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-23
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68880
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
peterwsterling simple_archive_generator From 5.2 (inc)
peterwsterling simple_archive_generator to 5.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68880 is a medium severity Cross Site Scripting (XSS) vulnerability affecting the WordPress Simple Archive Generator Plugin versions 5.2 and earlier.

This vulnerability allows unauthenticated attackers to inject malicious scriptsβ€”such as redirects, advertisements, or other HTML payloadsβ€”into websites using the plugin.

These malicious scripts execute when site visitors access the compromised pages, potentially leading to harmful effects.

Impact Analysis

Exploitation of this vulnerability can lead to attackers injecting malicious scripts that execute in the browsers of site visitors.

  • Redirecting users to malicious websites.
  • Displaying unwanted advertisements.
  • Executing other harmful HTML or script payloads that could compromise user data or site integrity.

The vulnerability requires user interaction, such as clicking a malicious link or visiting a crafted page.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability is a reflected Cross Site Scripting (XSS) issue in the Simple Archive Generator WordPress plugin versions 5.2 and earlier. Detection typically involves monitoring for suspicious HTTP requests that include malicious script payloads targeting the plugin's input fields."}, {'type': 'paragraph', 'content': 'While no specific commands are provided in the available resources, common detection methods include using web application firewalls (WAFs) with rules to identify and block XSS payloads, or employing security scanners that test for reflected XSS vulnerabilities by sending crafted requests and analyzing responses.'}, {'type': 'paragraph', 'content': 'Network or system administrators can also review web server logs for unusual query parameters or input values containing script tags or JavaScript code that might indicate exploitation attempts.'}] [1]

Mitigation Strategies

Since no official patch is currently available for this vulnerability, immediate mitigation involves applying the recommended mitigation rules provided by Patchstack to block attacks targeting this issue.

  • Implement automated vulnerability blocking solutions such as a web application firewall (WAF) configured with rules to detect and block reflected XSS payloads targeting the Simple Archive Generator plugin.
  • Monitor and restrict user inputs and URL parameters that interact with the plugin to prevent injection of malicious scripts.
  • Educate users and administrators to avoid clicking suspicious links or submitting untrusted forms that could trigger the vulnerability.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68880. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart