Educare Cross-Site Scripting Can Happen When You Visit a Malicious Link

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

Educare Cross-Site Scripting Can Happen When You Visit a Malicious Link

CVE-2025-67978

Summary

Using FixBD Educare version 1.6.1 or earlier, attackers can trick you into visiting a fake link that can steal your data or take control of your account. This is a risk because it can lead to unauthorized access to sensitive information. Update to the latest version of Educare to fix this issue.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through <= 1.6.1.

Original description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through <= 1.6.1.

nvd CVSS3.1 7.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Plugin/educare/vulnerability/wordpress...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026