Cross-site Scripting Vulnerability in BNS Twitter Follow Button by Edward Caissie
CVE-2025-47578

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Bns Twitter Follow Button
Vendor: CVE Published:; 12 May 2025

What is CVE-2025-47578?

The BNS Twitter Follow Button, developed by Edward Caissie, suffers from a cross-site scripting vulnerability. This flaw allows attackers to execute arbitrary JavaScript in the context of the user's session. When users interact with the compromised plugin, malicious scripts may be injected and executed in their browser, potentially leading to data theft or session hijacking. All versions of the plugin up to 0.3.8 are impacted, highlighting the importance of timely updates and security patches.

Affected Version(s)

BNS Twitter Follow Button <= 0.3.8

References

https://patchstack.com/database/wordpress/plugin/bns-twit...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 12, 2025
Vulnerability Reserved
May 7, 2025

Credit

Chu The Anh - Blue Rock (Patchstack Alliance)