CVE-2025-69140
Deferred - Pending Action
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: sweetdate
Product: sweetdate
Version / Range: to 1.1.5 (exc)
CWE ID: CWE-79
Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

The vulnerability is an unauthenticated Cross Site Scripting (XSS) issue in the WordPress SweetDate Core Plugin versions prior to 1.1.5.

It allows attackers to inject malicious scripts into the website, which can execute when a user interacts with the site, such as by clicking a malicious link or submitting a form.

These injected scripts can perform actions like redirects or displaying unwanted advertisements.

The vulnerability has a CVSS score of 7.1, indicating a moderate level of risk.

Impact Analysis

Exploitation of this vulnerability can lead to attackers injecting malicious scripts into your website, which can harm your users by redirecting them to malicious sites or displaying unwanted content.

Because the attack requires user interaction, it can be used in mass campaigns targeting many websites.

This can damage your website's reputation, reduce user trust, and potentially lead to further security issues.

Detection Guidance

This vulnerability is a reflected Cross Site Scripting (XSS) issue in the SweetDate Core WordPress plugin versions prior to 1.1.5. Detection typically involves monitoring for suspicious HTTP requests that include malicious script payloads targeting the vulnerable plugin endpoints.

While specific commands are not provided in the available resources, common detection methods include using web application firewall (WAF) logs or intrusion detection systems (IDS) to identify requests containing typical XSS attack patterns such as script tags or encoded payloads.

Administrators can also perform manual testing by sending crafted HTTP requests with XSS payloads to the plugin's endpoints to verify if the vulnerability is present.
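
An added example (not from the advisory or from Patchstack) of the log review described above: it percent-decodes each request's query string repeatedly, so double-encoded payloads are normalised, then flags script tags, inline event handlers and javascript: URIs. The combined log format, the sample lines, the parameter names and the path_prefix filter are assumptions; the page does not name the plugin's endpoints.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Markers of script injection in a decoded query string (a deliberately small set).
XSS_MARKERS = re.compile(
    r"<\s*script\b|<\s*(?:img|svg|iframe|body)\b[^>]*\bon\w+\s*=|javascript\s*:",
    re.IGNORECASE,
)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines, path_prefix="/"):
    """Return (line_number, decoded_query) for requests whose query string
    carries an XSS marker. path_prefix narrows the scan to chosen endpoints."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.startswith(path_prefix) or not url.query:
            continue
        query = fully_decode(url.query)
        if XSS_MARKERS.search(query):
            hits.append((number, query))
    return hits

# Constructed sample lines; paths and parameter names are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Jun/2026:10:00:01 +0000] "GET /?s=hiking+partners HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/Jun/2026:10:00:07 +0000] "GET /?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5300',
    '203.0.113.9 - - [17/Jun/2026:10:00:09 +0000] "GET /?q=%253Csvg%2520onload%253Dalert(1)%253E HTTP/1.1" 200 5300',
    '198.51.100.2 - - [17/Jun/2026:10:01:00 +0000] "GET /members/?tab=javascript-tips HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for number, query in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {query}")
```

Hits are leads for review, not proof of exploitation: a 200 response to a flagged request only shows the request was served, not that the payload was reflected unescaped.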

Mitigation Strategies

The primary immediate mitigation step is to update the SweetDate Core plugin to version 1.1.5 or later, where the vulnerability has been patched.

Until the update can be applied, it is recommended to implement the mitigation rule provided by Patchstack to block attack attempts targeting this vulnerability.

Additionally, monitoring and filtering incoming requests for suspicious XSS payloads using a web application firewall (WAF) can help reduce the risk of exploitation.
