CVE-2025-11727
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-04
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| codisto | codisto_channel_cloud | 1.3.65 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on monitoring HTTP requests to the sync endpoint of the Codisto plugin, specifically looking for requests with the 'X-CodistoNonce' and 'X-CodistoKey' headers. Suspicious or unauthorized requests that bypass the shared key authentication may indicate exploitation attempts. You can use network monitoring tools like tcpdump or Wireshark to capture HTTP traffic and filter for requests to the sync endpoint URL. For example, using curl to test authentication: curl -H 'X-CodistoNonce: <nonce>' -H 'X-CodistoKey: <key>' https://yourdomain.com/wp-admin/admin-ajax.php?action=codisto_sync&route=test -v This command tests the authentication mechanism and can help verify if the sync endpoint is accessible and responding correctly. Additionally, checking web server logs for unusual or repeated requests to the sync endpoint with missing or invalid headers can help detect attempts to exploit the vulnerability. [1]
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the Omnichannel for WooCommerce plugin by Codisto. It occurs via the sync() function in versions up to 1.3.65 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject malicious scripts that execute when a user accesses the affected page.
How can this vulnerability impact me? :
The vulnerability can allow attackers to execute arbitrary scripts in the context of the affected website, potentially leading to theft of user data, session hijacking, defacement, or other malicious actions without requiring authentication.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Omnichannel for WooCommerce plugin to a version later than 1.3.65 where the vulnerability is fixed. If an update is not immediately available, restrict access to the sync endpoint by implementing firewall rules or web server access controls to allow only trusted IP addresses. Additionally, monitor and audit requests to the sync endpoint for unauthorized access attempts. Ensure that the shared key used for authentication is strong and changed if there is suspicion of compromise. Finally, consider disabling the plugin temporarily if it is not critical to operations until a patch is applied. [1]