CVE-2025-68892

Vulnerability

Overview

CVE-2025-68892 is a reflected cross-site scripting (XSS) vulnerability found in the WordPress plugin Scroll rss excerpt (plugin slug: scroll-rss-excerpt) versions up to and including 5.0. The root cause is improper neutralization of user-supplied input during web page generation, allowing an attacker to inject arbitrary HTML and JavaScript code into the response.

Exploitation

Details

This is a reflected XSS issue that requires user interaction—specifically, a victim (such as an administrator or editor) must click a crafted link, visit a maliciously prepared page, or submit a specially designed form [1]. Attackers can trigger the vulnerability from a low-privileged role, but the action of the privileged user is needed to execute the payload. The attack typically targets web browsers, making it suitable for mass-exploit campaigns against thousands of sites simultaneously [1].

Impact

Successful exploitation allows a malicious actor to inject scripts that can perform actions like redirecting visitors to attacker-controlled sites, displaying unwanted advertisements, or exfiltrating session data. These malicious scripts execute in the context of the victim's browser when they visit the compromised page, potentially leading to privilege escalation or further compromise of the WordPress installation [1].

Mitigation

As of the publication date, no official patch has been released. The vendor recommends immediately updating the plugin; if updating is not possible, site owners should contact their hosting provider or web developer for assistance. Patchstack has issued a mitigation rule to block attacks until an official patch becomes available [1]. Given the moderate danger and expected exploitation in mass campaigns, this vulnerability warrants prompt action.