Unauthenticated Cross Site Scripting Vulnerability in Eli's WordCents AdSense Widget
CVE-2025-68872
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 15 June 2026
What is CVE-2025-68872?
The Eli's WordCents adSense Widget with Analytics has a vulnerability that allows unauthenticated users to execute arbitrary JavaScript in the context of the user's session, which could lead to theft of data or unauthorized actions. This issue arises from improper validation of user input, specifically resulting in reflected cross-site scripting. It is imperative to address this vulnerability promptly to ensure the safety of site users and safeguard sensitive information.
Affected Version(s)
Eli's WordCents adSense Widget with Analytics <= 1.3.03.27