CVE-2025-68876

🗓️ 29 Dec 2025 16:05:23Reported by PatchstackType

CVE-2025-68876: Invelity SPS connect plugin for WordPress up to 1.0.8 has a reflected XSS.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-68876	29 Dec 202517:58	–	circl
CNNVD	WordPress plugin Invelity SPS connect 跨站脚本漏洞	29 Dec 202500:00	–	cnnvd
Cvelist	CVE-2025-68876 WordPress Invelity SPS connect plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability	29 Dec 202516:05	–	cvelist
EUVD	EUVD-2025-205610	29 Dec 202518:30	–	euvd
NVD	CVE-2025-68876	29 Dec 202516:15	–	nvd
Patchstack	WordPress Invelity SPS connect plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability	26 Dec 202508:28	–	patchstack
Positive Technologies	PT-2025-53747	29 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-68876	30 Dec 202517:09	–	redhatcve
Vulnrichment	CVE-2025-68876 WordPress Invelity SPS connect plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability	29 Dec 202516:05	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (December 15, 2025 to January 4, 2026)	8 Jan 202618:20	–	wordfence

Vulners

Node

invelity invelity_sps_connectRange≤1.0.8wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "invelity-sps-connect",
    "product": "Invelity SPS connect",
    "vendor": "INVELITY",
    "versions": [
      {
        "lessThanOrEqual": "1.0.8",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/invelity-sps-connect/vulnerability/wordpress-invelity-sps-connect-plugin-1-0-8-reflected-cross-site-scripting-xss-vulnerability

28 Apr 2026 16:14Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.17.1

EPSS0.00025

SSVC

CWE-79