{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4589", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-12T15:17:10.936Z", "datePublished": "2025-05-15T03:21:38.214Z", "dateUpdated": "2026-04-08T16:51:18.928Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:51:18.928Z"}, "affected": [{"vendor": "nackle2k10", "product": "Bon Toolkit", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.3.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Bon Toolkit <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4cafec05-c275-475d-91cf-ed65cd191b0e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/bon-toolkit/trunk/includes/shortcodes.php#L71"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Cheng Liu"}], "timeline": [{"time": "2025-05-14T14:24:29.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-15T14:24:12.126801Z", "id": "CVE-2025-4589", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-15T14:25:58.600Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4589", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-15T14:24:12.126801Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-15T14:25:46.227Z"}}], "cna": {"title": "Bon Toolkit <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Cheng Liu"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "nackle2k10", "product": "Bon Toolkit", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.3.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-14T14:24:29.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4cafec05-c275-475d-91cf-ed65cd191b0e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/bon-toolkit/trunk/includes/shortcodes.php#L71"}], "descriptions": [{"lang": "en", "value": "The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:51:18.928Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4589", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:51:18.928Z", "dateReserved": "2025-05-12T15:17:10.936Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-15T03:21:38.214Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Bon Toolkit para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del shortcode 'bt-map' del complemento en todas las versiones hasta la 1.3.2 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-4589", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-15T04:16:17.527", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/bon-toolkit/trunk/includes/shortcodes.php#L71"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4cafec05-c275-475d-91cf-ed65cd191b0e?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:32:55.818481+00:00", "value": {"mitigation_remediation": ["Upgrade Bon Toolkit to the latest released version (any version newer than 1.3.2).", "Search the site\u2019s database for any posts, pages, or content that include the bt\u2011map shortcode, and remove or clean any injected scripts before the upgrade.", "Restrict or disable contributor privileges for accounts that are not explicitly trusted, or temporarily revoke such permissions while the vulnerability is addressed."], "summary": {"action": "Patch Now", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "All WordPress installations that include Bon Toolkit version 1.3.2 or earlier and have enabled the bt\u2011map shortcode are affected. The flaw requires an account with contributor or higher privileges to add or edit content containing the shortcode; therefore, any site that allows such contributors to modify posts or pages where the shortcode may appear is vulnerable.", "description_and_impact": "The Bon Toolkit plugin\u2019s bt\u2011map shortcode contains a stored cross\u2011site scripting flaw that allows an authenticated user with contributor\u2011level permissions to insert arbitrary JavaScript into the page content. The injected code is saved to the database and is rendered to every visitor who loads a page that contains the shortcode, leading to persistent client\u2011side script execution. This vulnerability is a classic example of a CWE\u201179 weakness caused by insufficient input validation and output escaping.", "risk_and_exploitability": "With a CVSS score of 6.4 the issue is classified as moderate severity, and an EPSS score of less than 1\u202f% indicates a low current exploitation probability. The attack vector is inferred to be the use of the provided shortcode by a contributor who can edit content; an attacker who compromises or is granted such credentials can persist malicious scripts that run for all site visitors until the plugin is updated or the content is sanitized. The CVE is not listed in the CISA KEV catalog."}}}}, "created": "2026-04-22T01:45:05.618396+00:00", "updated": "2026-04-22T01:45:05.618407+00:00", "vendors": []}