CVE-2025-68848

Vulnerability

Overview The amr cron manager plugin for WordPress versions up to and including 2.3 suffers from a reflected Cross-Site Scripting (XSS) vulnerability due to improper neutralization of user input during web page generation [1]. This allows an attacker to inject arbitrary HTML and JavaScript into the output, which is then executed in the context of the victim's browser.

Exploitation

Details Exploitation requires user interaction, such as a privileged user clicking a crafted link or visiting a specially prepared page [1]. The vulnerability can be triggered without authentication, but successful exploitation depends on the victim performing an action. The attacker does not need any specific privileges to craft the malicious request.

Impact

Successful exploitation enables the attacker to inject malicious scripts, which could be used to redirect visitors, display advertisements, steal sensitive data, or perform other actions within the context of the vulnerable site [1]. This can lead to compromise of the affected WordPress installation and its users.

Mitigation

The vulnerability has been acknowledged, and immediate updates are recommended. As of the reference, Patchstack has issued a mitigation rule to block attacks until an official patch is available [1]. Users are advised to update the plugin if a patched version is released, or apply workarounds as suggested by security advisories.