CVE-2023-7168 is a medium-severity vulnerability classified as CWE-79 (Cross-Site Scripting, XSS) affecting the Better Follow Button for Jetpack WordPress plugin up to version 8.0. The vulnerability arises because the plugin fails to properly sanitize and escape certain settings inputs. This flaw allows users with high privileges, such as administrators, to inject and store malicious scripts within the plugin's settings. Notably, this attack vector is exploitable even when the WordPress unfiltered_html capability is disabled, such as in multisite environments, which typically restricts HTML input for security reasons. The vulnerability requires high privilege (admin) and user interaction (an admin must save crafted input), but it can lead to stored XSS attacks that execute malicious JavaScript in the context of other administrators or users viewing the affected settings or plugin interface. The CVSS 3.1 base score is 4.8 (medium), reflecting network attack vector, low attack complexity, high privileges required, user interaction required, and partial impact on confidentiality and integrity but no impact on availability. No known exploits are currently reported in the wild, and no official patches or updates have been linked yet. The vulnerability was published on May 15, 2025, and assigned by WPScan. Stored XSS in admin settings can lead to session hijacking, privilege escalation, or persistent defacement, making it a significant risk in environments with multiple administrators or where admins might be targeted via social engineering or phishing to save malicious settings.

For European organizations using WordPress sites with the Better Follow Button for Jetpack plugin, this vulnerability poses a moderate risk. Organizations with multisite WordPress installations or multiple administrators are particularly vulnerable because the exploit bypasses typical HTML filtering restrictions. Successful exploitation could allow attackers to execute arbitrary JavaScript in the browsers of other administrators, potentially leading to credential theft, session hijacking, or further compromise of the WordPress environment. This can result in unauthorized access to sensitive data, defacement of websites, or use of the compromised site as a launchpad for further attacks. Given the widespread use of WordPress in Europe for corporate, governmental, and e-commerce websites, the vulnerability could impact confidentiality and integrity of data and disrupt administrative control. However, the requirement for high privileges and user interaction limits the attack surface primarily to insider threats or attackers who have already compromised an admin account. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as the vulnerability is publicly disclosed.

European organizations should immediately audit their WordPress installations to identify the presence of the Better Follow Button for Jetpack plugin, especially versions up to 8.0. Until an official patch is released, administrators should restrict plugin configuration access to the minimum number of trusted users and implement strict administrative policies to prevent unauthorized changes. Employing Web Application Firewalls (WAF) with custom rules to detect and block suspicious script injections in plugin settings can help mitigate exploitation attempts. Regular monitoring of admin activity logs for unusual changes or inputs is advised. Organizations should also educate administrators about the risks of saving untrusted input and encourage the use of strong, unique credentials combined with multi-factor authentication to reduce the risk of account compromise. Once a patch becomes available, prompt application is critical. Additionally, consider isolating multisite environments and limiting the use of plugins with known vulnerabilities until they are verified secure.