Plattform
wordpress
Komponente
evergreen-post-tweeter
Behoben in
1.8.10
CVE-2025-67622 identifies a Cross-Site Scripting (XSS) vulnerability within the Evergreen Post Tweeter plugin for WordPress. This vulnerability allows attackers to inject malicious scripts, potentially leading to account compromise or defacement of the website. The vulnerability impacts versions 0.0 up to and including 1.8.9. A patch is expected to be released by the vendor.
The XSS vulnerability in Evergreen Post Tweeter allows an attacker to inject arbitrary JavaScript code into a user's browser when they visit a compromised page. This can be exploited to steal session cookies, redirect users to phishing sites, or modify the content of the website. A successful attack could result in unauthorized access to user accounts, data theft, and damage to the website's reputation. The stored nature of the XSS means the malicious script persists, potentially affecting multiple users over time. This is similar to other XSS vulnerabilities where attackers leverage social engineering or compromised user input to deliver the payload.
CVE-2025-67622 was publicly disclosed on 2025-12-24. There is currently no indication of active exploitation campaigns targeting this vulnerability. The EPSS score is pending evaluation. No public proof-of-concept exploits are currently available.
Websites using the Evergreen Post Tweeter plugin, particularly those with user accounts or sensitive data, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise of one website could potentially lead to the compromise of others.
• wordpress / composer / npm:
grep -r "evergreen-post-tweeter" /var/www/html/wp-content/plugins/
wp plugin list | grep evergreen-post-tweeter• generic web:
curl -I https://example.com/ | grep -i 'x-frame-options'disclosure
Exploit-Status
EPSS
0.02% (6% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-67622 is to upgrade to a patched version of the Evergreen Post Tweeter plugin as soon as it becomes available. Until a patch is released, consider disabling the plugin if it is not essential. As a temporary workaround, implement strict input validation and output encoding on all user-supplied data within the plugin. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can also provide a layer of protection. Monitor website traffic for suspicious activity and unusual script execution.
Kein bekannter Patch verfügbar. Bitte überprüfen Sie die Details der Schwachstelle eingehend und setzen Sie Schutzmaßnahmen basierend auf der Risikobereitschaft Ihrer Organisation um. Es kann am besten sein, die betroffene Software zu deinstallieren und einen Ersatz zu finden.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-67622 is a Cross-Site Scripting (XSS) vulnerability in the Evergreen Post Tweeter WordPress plugin, allowing attackers to inject malicious scripts.
You are affected if you are using Evergreen Post Tweeter versions 0 through 1.8.9. Upgrade as soon as a patch is available.
Upgrade to the latest version of the Evergreen Post Tweeter plugin once a patch is released by the vendor. Until then, consider temporary workarounds like input validation.
Active exploitation is not yet confirmed, but the public disclosure increases the risk. Monitor your website for suspicious activity.
Check the Evergreen Post Tweeter plugin's official website or WordPress plugin repository for updates and security advisories.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.