Description
Unauthenticated Cross Site Scripting (XSS) in Eli&#039;s WordCents adSense Widget with Analytics <= 1.3.03.27 versions.
Published: 2026-06-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Unauthenticated Reflected Cross Site Scripting exists in Eli's WordCents adSense Widget with Analytics plugin versions 1.3.03.27 and earlier, allowing an attacker to inject malicious scripts into the page content. The vulnerability is a classic CWE‑79 flaw.

Affected Systems

All installations running version 1.3.03.27 or older are impacted. Later releases may contain a fix.

Risk and Exploitability

The CVSS score is 7.1, indicating high severity. The EPSS score of <1% shows a low likelihood of exploitation in the near term, and it is not listed in the CISA KEV catalog. Based on the description stating “Unauthenticated”, it is inferred that the likely attack vector involves crafting a malicious URL or input that the plugin echoes without proper encoding, enabling the attacker to run scripts in the victim’s browser.

Generated by OpenCVE AI on June 17, 2026 at 23:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of the Eli's WordCents adSense Widget with Analytics plugin.
  • Disable or uninstall the plugin if an update is not available and the functionality is not critical.
  • Implement a strong content security policy that disallows inline scripts and restricts script sources to trusted domains.

Generated by OpenCVE AI on June 17, 2026 at 23:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Eli
Eli eli&#039;s Wordcents Adsense Widget With Analytics
Wordpress
Wordpress wordpress
Vendors & Products Eli
Eli eli&#039;s Wordcents Adsense Widget With Analytics
Wordpress
Wordpress wordpress

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Unauthenticated Cross Site Scripting (XSS) in Eli&#039;s WordCents adSense Widget with Analytics <= 1.3.03.27 versions.
Title WordPress Eli's WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Subscriptions

Eli Eli&#039;s Wordcents Adsense Widget With Analytics
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-16T17:12:28.652Z

Reserved: 2025-12-24T14:00:24.760Z

Link: CVE-2025-68872

cve-icon Vulnrichment

Updated: 2026-06-16T13:30:11.030Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T21:16:38.560

Modified: 2026-06-15T21:24:32.790

Link: CVE-2025-68872

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:08:06Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')