CVE-2025-48324
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khashabawy tli.tl auto Twitter poster tlitl-auto-twitter-poster allows Stored XSS. This issue affects tli.tl auto Twitter poster: from n/a through <= 3.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in tli.tl auto Twitter poster plugin (≤3.4) allows attackers to inject malicious scripts via improper input neutralization.
Vulnerability Overview
The tli.tl auto Twitter poster (tlitl-auto-twitter-poster) plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability due to improper neutralization of input during web page generation [1]. Versions from n/a through and including 3.4 are affected. This flaw enables an authenticated attacker with sufficient privileges to inject arbitrary web scripts into the plugin's pages, which are then stored and executed in the browsers of other users, including site visitors [1].
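To make the defect class concrete, the following PHP sketch is an added illustration and not code from the tli.tl auto Twitter poster plugin; the option name, field name and function names are hypothetical. It places the CWE-79 pattern the advisory describes (a stored plugin setting echoed into a generated page without neutralization) next to a hardened version that checks capability and nonce on save, sanitizes on input, and escapes on output with the escaper matched to the HTML context:

```php
<?php
// Added illustration, not code from the tli.tl auto Twitter poster plugin.
// Option name, settings field and function names are hypothetical.

// --- Vulnerable pattern (illustrative) ---
// The setting is stored as submitted and echoed raw into generated HTML.
function tlitl_demo_save_unsafe() {
    // Hypothetical: no capability check, no nonce, no sanitization.
    update_option( 'tlitl_demo_tweet_template', $_POST['tweet_template'] );
}

function tlitl_demo_render_unsafe() {
    $template = get_option( 'tlitl_demo_tweet_template', '' );
    // Raw echo into an attribute value and into element content: whatever
    // markup was stored becomes part of the page for every user who loads it.
    echo '<input type="text" name="tweet_template" value="' . $template . '">';
    echo '<p>Preview: ' . $template . '</p>';
}

// --- Hardened pattern ---
function tlitl_demo_save_safe() {
    // Only users allowed to manage options may change the setting.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    // Reject requests that do not carry a valid nonce (CSRF protection).
    check_admin_referer( 'tlitl_demo_save', 'tlitl_demo_nonce' );

    // Sanitize on input: strips tags and normalizes whitespace.
    $template = isset( $_POST['tweet_template'] )
        ? sanitize_text_field( wp_unslash( $_POST['tweet_template'] ) )
        : '';
    update_option( 'tlitl_demo_tweet_template', $template );
}

function tlitl_demo_render_safe() {
    $template = get_option( 'tlitl_demo_tweet_template', '' );
    // Escape on output, matched to the HTML context:
    // esc_attr() inside an attribute value, esc_html() inside element content.
    echo '<input type="text" name="tweet_template" value="' . esc_attr( $template ) . '">';
    echo '<p>Preview: ' . esc_html( $template ) . '</p>';
    // Emit the nonce field that the save handler verifies.
    wp_nonce_field( 'tlitl_demo_save', 'tlitl_demo_nonce' );
}
```

The point to take from the hardened half is that input sanitization alone is not the fix for stored XSS: the stored value may reach the page through other paths, so every echo escapes for the context it lands in, and the capability and nonce checks close the privilege and CSRF angles the advisory's exploitation notes mention.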
Exploitation Requirements
Exploitation requires a user with a role that can post or update content via the plugin; however, the vulnerability also depends on another privileged user (e.g., an administrator) performing an action such as visiting a crafted page or clicking a malicious link [1]. The attack is remote and does not require network access beyond ordinary access to the WordPress admin panel. Once the malicious script is stored, it executes automatically whenever any user (including site guests) loads the affected page [1].
Potential Impact
Successful exploitation allows an attacker to inject arbitrary HTML and JavaScript payloads. This can be used to redirect visitors to malicious sites, display advertisements, steal session cookies, or perform other actions within the context of the victim's browser [1]. Such stored XSS vulnerabilities are commonly leveraged in mass-exploit campaigns targeting thousands of WordPress sites simultaneously [1].
Mitigation and Patch Status
As of the publication date (2025-08-28), no patch is available for versions 3.4 and earlier; users are advised to update the plugin immediately to the latest patched version if one becomes available, or to contact their hosting provider for assistance [1]. The vulnerability is classified as Medium severity (CVSS v3 base score 5.9) and requires user interaction for initial exploitation [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <= 3.4
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.