{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68836", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-24T13:59:58.565Z", "datePublished": "2026-03-19T08:33:02.946Z", "dateUpdated": "2026-03-19T13:31:38.180Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-19T08:33:02.946Z"}, "title": "WordPress Table of Contents Creator plugin <= 1.6.4.1 - Reflected Cross Site Scripting (XSS) vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "affected": [{"vendor": "Markbeljaars", "product": "Table of Contents Creator", "collectionURL": "https://wordpress.org/plugins", "packageName": "table-of-contents-creator", "versions": [{"status": "affected", "version": "n/a", "lessThanOrEqual": "1.6.4.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator allows Reflected XSS.This issue affects Table of Contents Creator: from n/a through 1.6.4.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator allows Reflected XSS.<p>This issue affects Table of Contents Creator: from n/a through 1.6.4.1.</p>"}]}], "tags": ["x_open-source"], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/table-of-contents-creator/vulnerability/wordpress-table-of-contents-creator-plugin-1-6-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}}], "credits": [{"lang": "en", "value": "Skalucy | Patchstack Bug Bounty Program", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T13:20:33.759858Z", "id": "CVE-2025-68836", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:31:38.180Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-68836", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-19T13:20:33.759858Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:31:22.526Z"}}], "cna": {"tags": ["x_open-source"], "title": "WordPress Table of Contents Creator plugin <= 1.6.4.1 - Reflected Cross Site Scripting (XSS) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Skalucy | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Markbeljaars", "product": "Table of Contents Creator", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.6.4.1"}], "packageName": "table-of-contents-creator", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/table-of-contents-creator/vulnerability/wordpress-table-of-contents-creator-plugin-1-6-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator allows Reflected XSS.This issue affects Table of Contents Creator: from n/a through 1.6.4.1.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator allows Reflected XSS.<p>This issue affects Table of Contents Creator: from n/a through 1.6.4.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-19T08:33:02.946Z"}}}, "cveMetadata": {"cveId": "CVE-2025-68836", "state": "PUBLISHED", "dateUpdated": "2026-03-19T13:31:38.180Z", "dateReserved": "2025-12-24T13:59:58.565Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-19T08:33:02.946Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator allows Reflected XSS.This issue affects Table of Contents Creator: from n/a through 1.6.4.1."}], "id": "CVE-2025-68836", "lastModified": "2026-03-19T13:25:00.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-03-19T09:16:16.767", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/table-of-contents-creator/vulnerability/wordpress-table-of-contents-creator-plugin-1-6-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.6.4.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Table of Contents Creator", "source": "cna", "vendor": "Markbeljaars"}, "product": "table_of_contents_creator", "vendor": "markbeljaars"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T09:50:39.411463+00:00", "value": {"mitigation_remediation": ["Upgrade the Table of Contents Creator plugin to a version newer than 1.6.4.1 (or apply the vendor patch if available).", "If an upgrade cannot be performed immediately, disable or uninstall the plugin to eliminate the vulnerability.", "Monitor the vendor\u2019s website or security advisories for new patches or updates."], "summary": {"action": "Immediate Patch", "impact": "Cross\u2011Site Scripting (Reflected XSS)"}, "threat_synthesis": {"affected_systems": "All installations of Markbeljaars Table of Contents Creator up to and including version 1.6.4.1 are affected. The supplier\u2019s product list confirms Markbeljaars:Table of Contents Creator, and the description states \"from n/a through 1.6.4.1.\" Accordingly, any WordPress site running this plugin at or below that version is vulnerable.", "description_and_impact": "The vulnerability is an Improper Neutralization of Input During Web Page Generation that allows Reflected Cross\u2011Site Scripting (XSS) in the Markbeljaars Table of Contents Creator plugin. When the plugin receives user\u2011supplied data through certain request parameters, it fails to escape the input before rendering the page, causing malicious script to be reflected back to the browser. The weakness is identified as CWE\u201179 and can enable an attacker to inject and execute arbitrary JavaScript in the context of a victim\u2019s browser session.", "risk_and_exploitability": "The CVSS score of 7.1 indicates medium\u2011to\u2011high severity. EPSS data is not available and the flaw is not listed in KEV, suggesting limited known exploitation. The likely attack vector involves a crafted URL that includes malicious input; a user who visits the URL will have the script executed in their browser. This requires user interaction but can be leveraged through social engineering or phishing to deliver the payload. Prompt patching is recommended due to the medium\u2011to\u2011high risk level."}}}}, "created": "2026-03-20T08:57:06.631620+00:00", "updated": "2026-03-20T14:15:23.134367+00:00", "vendors": ["markbeljaars", "markbeljaars$PRODUCT$table_of_contents_creator", "wordpress", "wordpress$PRODUCT$wordpress"]}