PatchSiren cyber security CVE debrief

CVE-2025-68872 Eli CVE debrief

CVE-2025-68872 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in Eli's WordCents adSense Widget with Analytics plugin versions <= 1.3.03.27. The vulnerability has a CVSS score of 7.1 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2025-68872).

Vendor: Eli
Product: Eli's WordCents adSense Widget with Analytics
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-15
Original CVE updated: 2026-06-15
Advisory published: 2026-06-15
Advisory updated: 2026-06-15

Who should care

Users of Eli's WordCents adSense Widget with Analytics plugin versions <= 1.3.03.27 should apply patches or mitigations to prevent exploitation.

Technical summary

The vulnerability is caused by improper input validation in the Eli's WordCents adSense Widget with Analytics plugin, allowing unauthenticated attackers to inject malicious scripts.

Defensive priority

HIGH

Recommended defensive actions

Apply patches or updates to Eli's WordCents adSense Widget with Analytics plugin to version > 1.3.03.27.
Implement additional security measures, such as input validation and output encoding, to prevent similar vulnerabilities.

Evidence notes

Evidence from Patchstack and NVD indicates a vulnerability in Eli's WordCents adSense Widget with Analytics plugin.

Official resources

CVE-2025-68872 CVE record
CVE.org
CVE-2025-68872 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected]

CVE-2025-68872 was published on 2026-06-15T21:16:38.560Z and modified on 2026-06-15T21:24:32.790Z.