CVE-2023-37873
📋 TL;DR
This vulnerability allows unauthenticated attackers to inject malicious scripts via reflected cross-site scripting (XSS) in the WooCommerce Shipping Multiple Addresses plugin. When exploited, it can lead to session hijacking, credential theft, or website defacement. WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- WooCommerce Shipping Multiple Addresses
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator credentials, take over the WordPress site, install backdoors, and compromise customer data including payment information.
Likely Case
Attackers hijack user sessions, redirect visitors to malicious sites, or deface the website with malicious content.
If Mitigated
With proper input validation and output encoding, the attack is prevented, though the vulnerable code path remains present.
🎯 Exploit Status
Reflected XSS vulnerabilities are commonly exploited and require minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.8.6 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'WooCommerce Shipping Multiple Addresses'. 4. Click 'Update Now' if available. 5. Alternatively, download latest version from WordPress repository and manually update.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily disable the plugin until patched
wp plugin deactivate woocommerce-shipping-multiple-addresses
Implement WAF rules
linuxAdd web application firewall rules to block XSS payloads
ModSecurity rule: SecRule ARGS "<script" "id:1001,phase:2,deny"
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Use web application firewall to filter malicious input
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins > Installed PluginsCheck Version:
wp plugin get woocommerce-shipping-multiple-addresses --field=versionVerify Fix Applied:
Verify plugin version is 3.8.6 or higher after update📡 Detection & Monitoring
Log Indicators:
- Unusual GET/POST requests with script tags or JavaScript payloads
- Multiple 404 errors with suspicious parameters
Network Indicators:
- HTTP requests containing <script> tags or JavaScript in URL parameters
- Unusual referrer headers with encoded payloads
SIEM Query:
source="web_access.log" AND ("<script" OR "javascript:" OR "onload=" OR "onerror=") AND uri_path="/wp-content/plugins/woocommerce-shipping-multiple-addresses/"🔗 References
- https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
- https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
