CVE-2025-68501

Vulnerability

Overview

The Mollie Payments for WooCommerce WordPress plugin, up to version 8.1.1, contains a reflected cross-site scripting (XSS) vulnerability stemming from improper neutralization of input during web page generation [1]. This flaw enables an attacker to inject arbitrary HTML and JavaScript code into the application's response, which then executes in the context of the victim's browser.

Exploitation

Details

Exploitation requires user interaction, such as clicking a crafted link or visiting a specially prepared page [1]. No special privileges are needed to initiate the attack, though the victim must perform the action. The vulnerability is considered moderately dangerous and is expected to be targeted in mass-exploit campaigns, affecting websites regardless of their size or popularity [1].

Impact and

Mitigation

Successful exploitation could allow a malicious actor to execute arbitrary scripts, leading to redirects, unwanted advertisements, or other HTML payloads being displayed to visitors [1]. The vendor has released version 8.1.2 to address the issue. Users are strongly advised to update immediately. For those unable to upgrade, applying a security rule from Patchstack can block attacks until the update is applied [1].