CVE-2025-68992

Vulnerability

Overview The BWL Knowledge Base Manager plugin for WordPress (versions up to and including 1.6.3) contains a stored cross-site scripting (XSS) vulnerability due to improper neutralization of user-supplied input during web page generation [1]. This allows an attacker to store arbitrary script code in the application's database, which is later executed when unsuspecting users view the affected pages.

Exploitation

Conditions Exploitation requires user interaction: a privileged user (e.g., editor or admin) must perform an action such as clicking a malicious link or submitting a crafted form [1]. The vulnerability is actively used in mass-exploit campaigns targeting thousands of websites [1]. Attackers can initiate the attack with a specific role, but successful execution depends on the privileged user's interaction.

Impact

If exploited, an attacker can inject malicious scripts that execute in the browsers of visitors to the affected site. This can lead to redirections to malicious sites, display of unwanted advertisements, or theft of sensitive information [1]. The attack does not require special privileges beyond those needed to trigger the stored payload.

Mitigation

Users are strongly advised to update the BWL Knowledge Base Manager plugin to a version higher than 1.6.3 [1]. If an immediate update is not possible, contact the hosting provider or a web developer for assistance. The vulnerability has a CVSS v3 score of 6.5 (Medium), indicating a moderate but real risk to site security.