PatchSiren cyber security CVE debrief
CVE-2025-68075 Kerry CVE debrief
CVE-2025-68075 is a medium-severity vulnerability in BNE Testimonials, a WordPress plugin. The issue, classified as a Contributor Cross Site Scripting (XSS) vulnerability, exists in versions up to 2.0.8. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 6.5, indicating a medium severity level. The vulnerability was published on June 26, 2026, and last modified on June 29, 2026. The CVE was assigned by CVE.org, and additional details are available from the National Vulnerability Database (NVD).
- Vendor: Kerry
- Product: BNE Testimonials
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-26
- Original CVE updated: 2026-06-29
- Advisory published: 2026-06-26
- Advisory updated: 2026-06-29
Who should care
Administrators and users of WordPress sites utilizing the BNE Testimonials plugin, especially those with contributor roles, should be aware of this vulnerability. The XSS vulnerability could potentially allow contributors to inject malicious scripts, affecting site security and user interactions. Given the medium severity, it's essential for users to ensure they are running a patched version of the plugin.
Technical summary
CVE-2025-68075 is a Contributor Cross Site Scripting (XSS) issue in the BNE Testimonials WordPress plugin, affecting versions up to 2.0.8. It has a CVSS score of 6.5 and a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vector indicates that the vulnerability can be exploited over the network (AV:N) with low attack complexity (AC:L) and low privileges (PR:L), that user interaction is necessary (UI:R), and that the scope is changed (S:C). Successful exploitation could lead to limited confidentiality, integrity, and availability impacts. The vulnerability is associated with CWE-79, Improper Neutralization of Input During Web Page Generation.
Defensive priority
Given the medium severity of CVE-2025-68075, defenders should prioritize patching or mitigating this vulnerability, especially in environments where contributors have the ability to create content. Implementing additional security measures, such as Content Security Policy (CSP) and input validation, can also help reduce the risk of exploitation.
Recommended defensive actions
- Update the BNE Testimonials plugin to a version beyond 2.0.8 if available.
- Implement Content Security Policy (CSP) to help mitigate XSS attacks.
- Monitor user-generated content and contributor roles for suspicious activity.
- Regularly review and update plugins and themes to ensure they are compatible and secure.
- Consider implementing a Web Application Firewall (WAF) to detect and prevent XSS attacks.
Evidence notes
The CVE-2025-68075 vulnerability details are based on information from CVE.org and the National Vulnerability Database (NVD). The vulnerability was reported by Patchstack and is associated with CWE-79. The CVSS score and vector provide a quantitative measure of the vulnerability's severity and characteristics.
Official resources
- CVE-2025-68075 CVE record (CVE.org)
- CVE-2025-68075 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
This article is AI-assisted and based on the supplied source corpus.