Skip to main content

Eli 039 S Wordcents Adsense Widget With Analytics

1 CVEs product

Monthly

CVE-2025-68872 HIGH This Week

Reflected cross-site scripting in Eli's WordCents adSense Widget with Analytics WordPress plugin (versions <= 1.3.03.27) allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser when the user is lured into clicking a crafted link. The flaw stems from improper neutralization of user-supplied input (CWE-79), and while no public exploit identified at time of analysis, the scope-changing CVSS vector indicates potential for session hijacking or administrative account takeover if a logged-in WordPress admin is targeted.

XSS Eli 039 S Wordcents Adsense Widget With Analytics
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in Eli's WordCents adSense Widget with Analytics WordPress plugin (versions <= 1.3.03.27) allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser when the user is lured into clicking a crafted link. The flaw stems from improper neutralization of user-supplied input (CWE-79), and while no public exploit identified at time of analysis, the scope-changing CVSS vector indicates potential for session hijacking or administrative account takeover if a logged-in WordPress admin is targeted.

XSS Eli 039 S Wordcents Adsense Widget With Analytics
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy