Platform
wordpress
Component
table-of-contents-creator
Fixed in
1.6.5
CVE-2025-68836 describes a reflected cross-site scripting (XSS) vulnerability in the Table of Contents Creator WordPress plugin. A reflected XSS flaw lets an attacker inject script into a page that a victim's browser then renders, which can lead to account compromise or data theft. All versions up to and including 1.6.4.1 are affected; the fix shipped in version 1.6.5.
Successful exploitation of CVE-2025-68836 allows an attacker to run arbitrary JavaScript in the victim's browser within the origin of the affected site. The attacker crafts a URL carrying the payload and lures the victim into opening it, for example through email, chat or a link on another site. Script running in the site's origin can read any cookie not flagged HttpOnly, issue requests with the victim's privileges (including an administrator's), redirect the user to a phishing page, or deface the site. The impact is most severe where the site handles sensitive user data or the victim is a logged-in administrator. Reflected XSS requires user interaction, but the consequences remain significant.
CVE-2025-68836 was publicly disclosed on 2026-03-19. No public proof-of-concept (PoC) code had been identified at the time of writing. The EPSS score listed below is 0.04% (11th percentile), a low estimated probability of exploitation in the next 30 days; monitor security advisories and threat-intelligence feeds for signs of active exploitation.
Sites running the Table of Contents Creator plugin are at risk, particularly those with authenticated users (administrators included) or that handle sensitive data. Shared hosting environments where the provider manages plugin updates remain exposed until the provider applies the update, so confirm the installed version rather than assuming it is current.
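Because a shared-hosting site can lag behind the provider's update schedule, it is worth confirming the installed version directly. The PHP script below is an added example, not part of the advisory or the plugin; it assumes the standard wp-content/plugins layout, reads the Version header from the plugin's main file the same way WordPress does, and takes the fixed version 1.6.5 from this page's header:

```php
<?php
// Added example (not from the advisory or the plugin): check one or more
// WordPress roots for Table of Contents Creator and compare the installed
// version with the fixed release 1.6.5 named in the advisory header.
declare(strict_types=1);

const PLUGIN_SLUG = 'table-of-contents-creator';
const FIXED_IN    = '1.6.5';

/** True when $version is older than the fixed release. */
function is_affected_version(string $version): bool
{
    // version_compare() orders "1.6.4.1" before "1.6.5" correctly, which a
    // plain string comparison would not.
    return version_compare($version, FIXED_IN, '<');
}

/**
 * Find the plugin's main file (the top-level .php carrying a "Plugin Name:"
 * header, the convention WordPress itself relies on) and return its Version
 * header, or null if the plugin is absent or the header cannot be read.
 */
function installed_plugin_version(string $wp_root): ?string
{
    $dir = rtrim($wp_root, '/') . '/wp-content/plugins/' . PLUGIN_SLUG;
    if (!is_dir($dir)) {
        return null;
    }
    foreach (glob($dir . '/*.php') ?: [] as $file) {
        // Plugin headers sit in the first 8 KiB, the same window WordPress reads.
        $head = file_get_contents($file, false, null, 0, 8192);
        if ($head === false || !preg_match('/^[ \t\/*#@]*Plugin Name:/mi', $head)) {
            continue;
        }
        if (preg_match('/^[ \t\/*#@]*Version:[ \t]*(\S+)/mi', $head, $m)) {
            return $m[1];
        }
        return null; // main file found but it carries no Version header
    }
    return null;
}

// Usage: php check-toc-creator.php /var/www/site1 /var/www/site2 ...
// With no arguments the default DocumentRoot /var/www/html is checked.
if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === realpath(__FILE__)) {
    $roots = array_slice($argv, 1) ?: ['/var/www/html'];
    foreach ($roots as $root) {
        $version = installed_plugin_version($root);
        if ($version === null) {
            printf("%s: plugin not found\n", $root);
        } elseif (is_affected_version($version)) {
            printf("%s: AFFECTED (version %s < %s), update the plugin\n", $root, $version, FIXED_IN);
        } else {
            printf("%s: ok (version %s)\n", $root, $version);
        }
    }
}
```

Point the script at every WordPress root on the host; a plugin that is installed but deactivated still shows up, which is deliberate, since its files remain on disk.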
wordpress / composer / npm
• Look for the plugin directory and any inline script in its files (a crude check: legitimate plugin files also contain script tags, so treat hits as a prompt to verify the version, not as proof of compromise):
grep -r "<script" /var/www/html/wp-content/plugins/table-of-contents-creator/
• Confirm whether the plugin is installed and which version is present:
wp plugin list | grep "table-of-contents-creator"
• Update to the fixed release:
wp plugin update table-of-contents-creator
Disclosure
Exploit status
EPSS
0.04% (11th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-68836 is to upgrade the Table of Contents Creator plugin to version 1.6.5 or later. If you cannot upgrade immediately, deactivate the plugin until you can, or better, delete it: deactivation stops WordPress loading it, but any plugin file that can be requested directly stays on disk. Patching the plugin's own templates to add output escaping is a stopgap at best, because the edit is overwritten by the next plugin update. A Web Application Firewall (WAF) with XSS rules adds a layer of defence but can be bypassed with encoding tricks and does not remove the flaw. Scan your WordPress installations regularly for vulnerable plugins with a security scanning tool.
Where an upgrade is impossible (for example, a customised copy of the plugin that cannot be replaced), review the vulnerability details and apply mitigations according to your organisation's risk tolerance; uninstalling the plugin and switching to a maintained alternative removes the exposure entirely.
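As an added illustration (not code from the Table of Contents Creator plugin or from the advisory), the following PHP shows the reflected-XSS pattern the advisory describes beside its hardened form using the WordPress escaping helpers. The parameter name toc_title and the render functions are hypothetical; the advisory does not name the vulnerable parameter:

```php
<?php
// Added example, not the plugin's code: the reflected-XSS pattern of echoing a
// request parameter straight into HTML, beside a hardened version that
// sanitizes on input and escapes for the HTML context on output. The parameter
// name "toc_title" is hypothetical; the advisory does not name the vulnerable
// parameter.
declare(strict_types=1);

// Stand-ins so the file runs under plain `php`. Inside WordPress the real
// esc_html(), esc_attr(), wp_unslash() and sanitize_text_field() are loaded
// and these definitions are skipped.
if (!function_exists('esc_html')) {
    function esc_html(string $text): string
    {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string
    {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('wp_unslash')) {
    function wp_unslash(string $value): string
    {
        return stripslashes($value);
    }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field(string $str): string
    {
        return trim(strip_tags($str)); // approximation of the WordPress helper
    }
}

/** VULNERABLE: request data is concatenated into markup unescaped. */
function render_toc_heading_vulnerable(array $get): string
{
    $title = (string) ($get['toc_title'] ?? 'Contents');
    return '<h2 class="toc-title" id="' . $title . '">' . $title . '</h2>';
}

/** HARDENED: sanitize on input, escape for each output context. */
function render_toc_heading_hardened(array $get): string
{
    $title = isset($get['toc_title'])
        ? sanitize_text_field(wp_unslash((string) $get['toc_title']))
        : '';
    if ($title === '') {
        $title = 'Contents';
    }
    // esc_attr() for the attribute value, esc_html() for the element body.
    return '<h2 class="toc-title" id="' . esc_attr($title) . '">' . esc_html($title) . '</h2>';
}

// Constructed payload of the kind a crafted link would carry:
//   /?toc_title=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
$payload = ['toc_title' => '"><script>alert(document.cookie)</script>'];
if (PHP_SAPI === 'cli') {
    echo "vulnerable: ", render_toc_heading_vulnerable($payload), "\n";
    echo "hardened:   ", render_toc_heading_hardened($payload), "\n";
}
```

Escaping at output is the control that actually removes the bug: esc_html() alone would neutralise the payload, and sanitize_text_field() is defence in depth. Choose the escaper by context, esc_attr() inside attributes, esc_url() for href values and wp_json_encode() for data placed inside a script block. Running the file with php prints the two renderings side by side so the difference is visible.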
CVE-2025-68836 is a Reflected XSS vulnerability in the Table of Contents Creator WordPress plugin, allowing attackers to inject malicious scripts via crafted URLs.
You are affected if you run Table of Contents Creator version 1.6.4.1 or earlier. Upgrade to 1.6.5 or later immediately to mitigate the risk.
Upgrade the Table of Contents Creator plugin to version 1.6.5 or later. Consider WAF rules and a review of output escaping as additional protections, not as substitutes for the update.
There are currently no confirmed reports of active exploitation, but it's crucial to apply the patch promptly.
Refer to the plugin developer's website or WordPress plugin repository for the latest advisory and update information.