CVE-2025-68892
Published: 08 January 2026
Summary
CVE-2025-68892 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 19.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.
Validates web inputs to reject script-related content that could produce XSS.
Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS in public-facing WordPress plugin directly enables remote exploitation of the web app (T1190) via crafted links (T1566.002) to execute arbitrary JavaScript in the victim browser (T1059.007).
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus@hotmail.com Scroll rss excerpt scroll-rss-excerpt allows Reflected XSS.This issue affects Scroll rss excerpt: from n/a through <= 5.0.
Deeper analysisAI
CVE-2025-68892 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Scroll RSS Excerpt WordPress plugin developed by gopiplus@hotmail.com. The issue affects all versions of the plugin from n/a through 5.0 inclusive. Published on 2026-01-08, it carries a CVSS v3.1 base score of 7.1.
Attackers can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) but user interaction (UI:R), and it results in a changed scope (S:C) with low impacts on confidentiality, integrity, and availability (C:L/I:L/A:L). A remote unauthenticated attacker could craft malicious input, such as a specially crafted link or request, tricking a user into interacting with a vulnerable WordPress site running the affected plugin, thereby injecting and executing arbitrary scripts in the victim's browser context.
The Patchstack advisory provides details on this WordPress plugin vulnerability, accessible at https://patchstack.com/database/Wordpress/Plugin/scroll-rss-excerpt/vulnerability/wordpress-scroll-rss-excerpt-plugin-5-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.
Details
- CWE(s)