CVE-2023-45006
📋 TL;DR
This vulnerability is a reflected cross-site scripting (XSS) flaw in the ByConsole WooODT Lite WordPress plugin (versions 2.4.6 and earlier). An unauthenticated attacker can craft a URL that, when opened by a victim, executes attacker-controlled JavaScript in the victim's browser in the context of the affected site. Successful exploitation can lead to session hijacking, credential theft, or website defacement. All WordPress sites running a vulnerable version of the plugin are affected.
💻 Affected Systems
- ByConsole WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location (WordPress plugin, versions 2.4.6 and earlier)
📦 What is this software?
WooODT Lite by ByConsole is a WordPress plugin that lets WooCommerce stores offer order delivery or pickup scheduling by date, time and location.
⚠️ Risk & Real-World Impact
Worst Case
If a logged-in administrator opens a crafted link, the injected script runs with that administrator's session. Attackers could then steal administrator credentials or session cookies, take over the WordPress site, install backdoors, or redirect visitors to malicious sites.
Likely Case
Attackers would typically steal user session cookies to hijack accounts or display phishing content to visitors.
If Mitigated
With a web application firewall rule that blocks common XSS payloads, and with proper output encoding of reflected parameters in the plugin, the payload would be blocked before reaching the vulnerable code or rendered as inert text.
🎯 Exploit Status
Reflected XSS vulnerabilities are commonly exploited with simple payloads. An attacker places the script in a URL parameter and delivers the link to a victim (for example by phishing e-mail or a comment); the script executes when the victim opens it. No authentication is required, but the attack depends on a victim visiting the crafted URL.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.7 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'ByConsole WooODT Lite' and click 'Update Now'.
4. Verify the plugin version is 2.4.7 or higher.
🔧 Temporary Workarounds
Web Application Firewall (WAF)
Deploy a WAF to block XSS payloads before they reach the vulnerable plugin.
Disable Plugin
Temporarily disable the plugin until patched, though this will break delivery/pickup functionality.
wp plugin deactivate byconsole-woo-order-delivery-time
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Use input validation and output encoding at the application level
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > ByConsole WooODT Lite. If version is 2.4.6 or lower, you are vulnerable.
Check Version:
wp plugin get byconsole-woo-order-delivery-time --field=version
Verify Fix Applied:
After updating, verify the plugin shows version 2.4.7 or higher in WordPress admin.
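The following is an added example, not code from the advisory or from the plugin vendor. It wraps the `wp plugin get ... --field=version` check above in a version comparison that does not fall into the usual string-comparison trap ("2.4.10" sorts before "2.4.7" as text but is newer) and treats a pre-release tag such as "2.4.7-beta1" as older than the final 2.4.7. The plugin slug and fixed version are taken from this page; the handling of pre-release suffixes is an assumption about how the vendor might label builds.

```python
import re
import subprocess

PLUGIN_SLUG = "byconsole-woo-order-delivery-time"  # slug used by wp-cli on this page
FIXED_VERSION = "2.4.7"                             # first fixed release per the advisory

# Accepts "2.4.7", "v2.4.10", "2.4.7-beta1"; anything after "-" is treated as a
# pre-release tag (assumption: the vendor uses a semver-like suffix for pre-releases).
_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)(?:-([0-9A-Za-z.]+))?\s*$")


def parse_version(text):
    """Return (numeric components, pre-release tag or None) for a version string."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(part) for part in m.group(1).split(".")]
    return nums, m.group(2)


def compare_versions(a, b):
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b."""
    nums_a, pre_a = parse_version(a)
    nums_b, pre_b = parse_version(b)
    # Pad to equal length so "2.4" == "2.4.0" and "2.4.7" < "2.4.7.1".
    width = max(len(nums_a), len(nums_b))
    nums_a = nums_a + [0] * (width - len(nums_a))
    nums_b = nums_b + [0] * (width - len(nums_b))
    if nums_a != nums_b:
        return -1 if nums_a < nums_b else 1
    # Same numeric core: a pre-release sorts before the final release.
    if (pre_a is None) == (pre_b is None):
        return 0
    return -1 if pre_a is not None else 1


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed version predates the first fixed release."""
    return compare_versions(installed, fixed) < 0


def installed_version(slug=PLUGIN_SLUG):
    """Read the installed plugin version via wp-cli; None if wp-cli or the plugin is absent."""
    try:
        out = subprocess.run(
            ["wp", "plugin", "get", slug, "--field=version"],
            capture_output=True, text=True, check=True,
        )
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip()


if __name__ == "__main__":
    version = installed_version()
    if version is None:
        print(f"{PLUGIN_SLUG}: not installed or wp-cli unavailable")
    else:
        state = "VULNERABLE" if is_vulnerable(version) else "patched"
        print(f"{PLUGIN_SLUG} {version}: {state} (fixed in {FIXED_VERSION})")
```

Run it from the WordPress root (or pass `--path` via `WP_CLI` configuration) as the web user so wp-cli can load the site; the exit state tells you whether the update in the Official Fix section is still needed.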
📡 Detection & Monitoring
Log Indicators:
- GET/POST requests to plugin endpoints whose parameters contain script tags, event handlers (onerror=, onload=) or javascript: URIs, in plain or URL-encoded form
- Repeated requests from the same source carrying such payloads, including ones the WAF rejected with HTTP 403
Network Indicators:
- HTTP requests with suspicious parameters containing <script>, javascript:, or encoded payloads
SIEM Query (Splunk-style example; extend with double-encoded and event-handler variants):
source="web_logs" AND ("byconsole" OR "wooodt") AND ("<script>" OR "javascript:" OR "%3Cscript%3E" OR "%253Cscript%253E")
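The SIEM query above only matches literal and single-encoded script tags. As an added example (not part of the advisory and not the plugin's code), the script below applies the same detection logic to raw web server access logs offline: it parses combined-format lines, URL-decodes the request target repeatedly so double-encoded payloads are seen, and flags requests that both mention the plugin (by slug or the "wooodt" marker) and carry an XSS-style payload. The log lines are constructed for illustration; the parameter names and paths in them (for example `wooodt_demo`, `demo.php`) are placeholders, not the plugin's real vulnerable endpoint.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample log lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:12:00:01 +0000] "GET /wp-content/plugins/byconsole-woo-order-delivery-time/assets/front.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:12:00:05 +0000] "GET /?wooodt_demo=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:12:00:09 +0000] "GET /wp-content/plugins/byconsole-woo-order-delivery-time/demo.php?d=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.22 - - [10/Oct/2023:12:00:12 +0000] "GET /?s=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:12:00:15 +0000] "GET /?wooodt_demo=javascript%3Aalert(1) HTTP/1.1" 403 153 "-" "curl/8.0"
"""

# Combined log format: client, identd, user, [timestamp], "METHOD target proto", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Strings that tie a request to this plugin (from the slug and name on this page).
PLUGIN_MARKERS = ("byconsole", "wooodt")

# XSS-style payload markers: script tags, javascript: URIs, inline event handlers,
# and common tag vehicles. \b before "on" avoids matching words like "content=".
XSS_RE = re.compile(
    r"<\s*script|javascript\s*:|\bon[a-z]+\s*=|<\s*(?:img|svg|iframe)\b",
    re.IGNORECASE,
)


def decode_target(target, max_rounds=3):
    """URL-decode until stable so double- and triple-encoded payloads are exposed."""
    current = target
    for _ in range(max_rounds):
        decoded = unquote_plus(current)
        if decoded == current:
            break
        current = decoded
    return current


def analyze(log_text):
    """Return the requests that target the plugin and carry an XSS-style payload."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        decoded = decode_target(m["target"])
        if not any(marker in decoded.lower() for marker in PLUGIN_MARKERS):
            continue  # payload aimed elsewhere; not this plugin
        if XSS_RE.search(decoded):
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "status": int(m["status"]),  # 403 usually means the WAF blocked it
                "target": decoded,
            })
    return hits


def count_by_ip(hits):
    """Number of flagged requests per source address, for prioritising follow-up."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    flagged = analyze(SAMPLE_LOG)
    for h in flagged:
        print(f'{h["ts"]} {h["ip"]} {h["status"]} {h["target"]}')
    print("per source:", count_by_ip(flagged))
```

Feed it a real access log with `analyze(open(path).read())`; a 200 response to a flagged request means the payload reached the site and the victim-side impact must be assumed, while a 403 indicates the WAF workaround above is doing its job.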
🔗 References
- https://patchstack.com/database/vulnerability/byconsole-woo-order-delivery-time/wordpress-wooodt-lite-plugin-2-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve