CVE Catalog

CVE-2025-68075

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

The BNE Testimonials plugin version 2.0.8 and earlier contains a Cross Site Scripting (XSS) vulnerability from contributors. This allows injection of malicious JavaScript code by content authors.

Risk Assessment

An attacker can steal user sessions, redirect users to malicious sites, or perform other unauthorized actions in the victim's browser context.

Recommendation

Immediately update the BNE Testimonials plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS