Unauthenticated Cross Site Scripting Vulnerability in Eli's WordCents AdSense Widget
CVE-2025-68872

7.1HIGH

What is CVE-2025-68872?

The Eli's WordCents adSense Widget with Analytics has a vulnerability that allows unauthenticated users to execute arbitrary JavaScript in the context of the user's session, which could lead to theft of data or unauthorized actions. This issue arises from improper validation of user input, specifically resulting in reflected cross-site scripting. It is imperative to address this vulnerability promptly to ensure the safety of site users and safeguard sensitive information.

Affected Version(s)

Eli&#039;s WordCents adSense Widget with Analytics <= 1.3.03.27

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Skalucy | Patchstack Bug Bounty Program
.