CVE-2025-48347
BaseFortify
Publication date: 2025-08-28
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | bxslider_integration | 1.7.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-48347 is a Cross Site Scripting (XSS) vulnerability in the bxSlider integration for WordPress plugin (versions up to 1.7.2). It allows attackers with contributor-level privileges to inject malicious scripts into web pages generated by the plugin. These scripts can execute when visitors access the affected website, potentially causing redirects, displaying unwanted advertisements, or executing other harmful HTML payloads. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized script execution on your website, which may result in malicious redirects, injection of unwanted advertisements, or other harmful actions affecting visitors. It poses risks typical of XSS attacks, such as compromising user data, session hijacking, or defacement of the website. Since the plugin is abandoned and no official fix is available, the risk remains unless a virtual patch is applied or the plugin is replaced. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability is challenging because plugin-based malware scanners may be unreliable. Since the vulnerability involves stored XSS in the bxSlider integration for WordPress, detection typically requires inspecting the affected plugin's input handling or monitoring for suspicious script injections in web pages generated by the plugin. No specific commands are provided for detection. Professional incident response services are recommended if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the vulnerable bxSlider integration plugin with an alternative plugin, as no official fix or updated version is available. Applying a virtual patch (vPatch) from Patchstack can also provide rapid protection against exploitation. Deactivating the plugin alone does not eliminate the risk. Employing professional incident response services is advised if compromise is suspected. [1]