CVE-2025-69140

🗓️ 17 Jun 2026 12:47:25Reported by PatchstackType

The CVE is for WordPress SweetDate Core plugin versions before 1.1.5, which are affected by an unauthenticated reflected XSS vulnerability. Root cause details aren’t provided in the documents, but the issue is tied to SweetDate Core

Reporter	Title	Published	Views	Family All 6
Cvelist	CVE-2025-69140 WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability	17 Jun 202612:47	–	cvelist
EUVD	EUVD-2025-210260	17 Jun 202618:35	–	euvd
NVD	CVE-2025-69140	17 Jun 202614:17	–	nvd
Patchstack	WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability	26 May 202607:56	–	patchstack
Positive Technologies	PT-2026-50392	17 Jun 202600:00	–	ptsecurity
Vulnrichment	CVE-2025-69140 WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability	17 Jun 202612:47	–	vulnrichment

Vulners

Node

seventhqueen sweetdate_coreRange<1.1.5wordpress

[
  {
    "vendor": "SeventhQueen",
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "sweetdate-core",
    "product": "SweetDate Core",
    "versions": [
      {
        "lessThan": "1.1.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom",
        "changes": [
          {
            "at": "1.1.5",
            "status": "unaffected"
          }
        ]
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/wordpress/plugin/sweetdate-core/vulnerability/wordpress-sweetdate-core-plugin-1-1-5-reflected-cross-site-scripting-xss-vulnerability

17 Jun 2026 15:16Current

5.1Medium risk

Vulners AI Score5.1

CVSS 3.17.1

SSVC

CWE-79