CVE Catalog
CVE-2025-68075
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.16%
6th percentile — higher than 6% of all known CVEs
Summary
The BNE Testimonials plugin version 2.0.8 and earlier contains a Cross Site Scripting (XSS) vulnerability from contributors. This allows injection of malicious JavaScript code by content authors.
Risk Assessment
An attacker can steal user sessions, redirect users to malicious sites, or perform other unauthorized actions in the victim's browser context.
Recommendation
Immediately update the BNE Testimonials plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions.

