cleantalk
Vulnerabilities and Security Researches

Bon Toolkit, CVE-2025-4589

CVE, Research URL

CVE-2025-4589

Home page URL

Security reports for Bon Toolkit

Application

Bon Toolkit

Published on
May 15, 2025
Research Description
The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.3.2.
Status
vulnerable
Previous vulnerability researches
Emails Blacklist for Everest Forms (4e0b8221f9787e16f8849dff3026eadc73126b28) , Jun 07, 2024
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! (CVE-2024-8542) , Oct 24, 2024
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! (CVE-2024-13125) , Feb 16, 2025
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! (CVE-2025-3439) , Apr 11, 2025
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! (CVE-2025-1128) , Mar 01, 2025
New vulnerability
Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building (CVE-2024-13486) , May 16, 2025
Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building (CVE-2024-13482) , May 16, 2025
Calculated Fields Form (CVE-2024-13382) , May 16, 2025
Jetpack Boost – Website Speed, Performance and Critical CSS (CVE-2024-10076) , May 16, 2025
百度站长SEO合集(支持百度/神马/Bing/头条推送) (CVE-2025-3917) , May 16, 2025