CVE-2023-47179
📋 TL;DR
CVE-2023-47179 is a missing authorization vulnerability in the ByConsole WooODT Lite WordPress plugin. A request handler that updates site options performs no authentication or capability check, so an unauthenticated attacker can modify arbitrary WordPress options. All versions of WooODT Lite up to and including 2.4.6 are affected. Because WordPress stores security-relevant settings as options, changing them can compromise the whole site.
💻 Affected Systems
- ByConsole WooODT Lite WordPress Plugin
📦 What is this software?
WooODT Lite by ByConsole, a WooCommerce order delivery date and time plugin (plugin slug byconsole-woo-order-delivery-time).
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover through privilege escalation, data manipulation, or injection of malicious code via modified site options.
Likely Case
Unauthorized modification of WordPress settings leading to SEO spam, defacement, or injection of malicious redirects/scripts.
If Mitigated
Limited impact if the plugin is deactivated or the plugin's unauthenticated request path is blocked at a WAF, since the option-update handler is then unreachable. Network segmentation does not help here: the vulnerable handler is reachable by anyone who can reach the public site. Monitoring of wp_options changes still matters to catch any modification that slips through.
🎯 Exploit Status
No authentication is required. An attacker only needs to know which plugin request handler updates options and which option names to target, then send a crafted request; no special tooling is needed beyond an HTTP client.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 2.4.7 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'ByConsole WooODT Lite' and check for updates.
4. Update to version 2.4.7 or later.
5. Verify the update completed successfully.
🔧 Temporary Workarounds
Disable vulnerable plugin
WordPress: Temporarily deactivate the WooODT Lite plugin until it can be updated to 2.4.7 or later. Deactivating it removes the plugin's request handlers, so the vulnerable code path is no longer reachable.
wp plugin deactivate byconsole-woo-order-delivery-time
Restrict admin access
All platforms: Limit access to the WordPress admin area to trusted IP addresses only. Caveat: this does not on its own block the vulnerable path, because /wp-admin/admin-ajax.php must normally stay reachable for front-end features and unauthenticated (nopriv) AJAX handlers run without a logged-in session. Apply the IP restriction in addition to deactivating the plugin or blocking its requests at a WAF, not instead.
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules that block requests to /wp-admin/admin-ajax.php whose action parameter belongs to the plugin (check both the query string and the POST body, since the action is usually sent in the body)
- Enable detailed logging of all WordPress admin actions and option changes (an activity-log plugin or database audit logging) and alert on changes to wp_options that were not made by a known administrator
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for 'ByConsole WooODT Lite' version 2.4.6 or earlier
Check Version:
wp plugin get byconsole-woo-order-delivery-time --field=version
Verify Fix Applied:
Verify plugin version shows 2.4.7 or later in WordPress admin plugins list
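The version checks above are per-site clicks or single wp-cli calls. The following Python helper is an added example, not part of this advisory or the plugin vendor's tooling: it takes the JSON printed by `wp plugin list --format=json` for each site and classifies the site as patched, vulnerable, or not affected, using the plugin slug from the wp-cli commands above and 2.4.7 as the fixed version. Versions are compared numerically, since a plain string comparison would wrongly rank 2.4.10 below 2.4.7. The site names and plugin-list output are constructed sample data.

```python
import json
import re

PLUGIN_SLUG = "byconsole-woo-order-delivery-time"  # slug used by the advisory's wp-cli commands
FIXED_IN = (2, 4, 7)                                # first patched release per the advisory


def parse_version(s):
    """'2.4.10' -> (2, 4, 10). String comparison would rank '2.4.10' below '2.4.7'."""
    parts = []
    for piece in s.strip().split("."):
        m = re.match(r"\d+", piece)  # keep leading digits only ('7rc1' -> 7)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_vulnerable(version):
    """True for every release before the fixed version (all versions through 2.4.6)."""
    return parse_version(version) < FIXED_IN


def assess(plugin_list_json):
    """Classify one site from the JSON output of `wp plugin list --format=json`."""
    for plugin in json.loads(plugin_list_json):
        if plugin.get("name") != PLUGIN_SLUG:
            continue
        if not is_vulnerable(plugin["version"]):
            return "patched"
        # An inactive vulnerable copy is not reachable but should still be updated or removed.
        return "vulnerable-active" if plugin.get("status") == "active" else "vulnerable-inactive"
    return "not-installed"


def assess_fleet(sites):
    """Map site name -> state for a dict of {site: plugin-list JSON}."""
    return {site: assess(raw) for site, raw in sites.items()}


# Constructed sample of `wp plugin list --format=json` output per site (not real site data).
SAMPLE_SITES = {
    "shop-a": '[{"name":"woocommerce","status":"active","update":"none","version":"8.2.1"},'
              '{"name":"byconsole-woo-order-delivery-time","status":"active","update":"available","version":"2.4.6"}]',
    "shop-b": '[{"name":"byconsole-woo-order-delivery-time","status":"inactive","update":"none","version":"2.4.10"}]',
    "shop-c": '[{"name":"akismet","status":"active","update":"none","version":"5.3"}]',
    "shop-d": '[{"name":"byconsole-woo-order-delivery-time","status":"inactive","update":"available","version":"2.3"}]',
}

if __name__ == "__main__":
    for site, state in assess_fleet(SAMPLE_SITES).items():
        print(f"{site}: {state}")
```

In practice the input for each site comes from `wp plugin list --format=json` run on that host (for example over SSH in a loop), and any site reporting vulnerable-active should be treated as exposed until it is updated or the plugin is deactivated.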
📡 Detection & Monitoring
Log Indicators:
- Unauthorized POST requests to /wp-admin/admin-ajax.php with action parameters related to wooodt
- Unexpected modifications to the wp_options table (for example to security-relevant options such as siteurl, home, users_can_register, default_role or active_plugins) in database audit logs or an activity-log plugin, without a matching administrator login
Network Indicators:
- HTTP requests to WordPress admin endpoints from unauthorized IP addresses
- Unusual POST parameters being sent to admin-ajax.php
SIEM Query:
source="wordpress.log" AND ("admin-ajax.php" AND "wooodt") AND status=200
Note: the action parameter of a POST request travels in the request body, which ordinary web-server access logs do not record, so this query only matches requests that carry the action in the query string (or logs from a WAF or activity-log plugin that capture POST parameters). The status=200 filter cuts noise but also drops probing attempts that hit an unknown action name, which current WordPress versions answer with a 400.
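The log indicators above, implemented as a small scanner over web-server access logs. This is an added example, not part of this advisory: it parses combined-format log lines, flags requests to /wp-admin/admin-ajax.php whose action parameter mentions wooodt, and flags any other /wp-admin/ request from an IP address outside an allowlist. The log lines, IP addresses and the action name wooodt_save_settings are constructed for the example; the real plugin's action names are not given on this page, so the match is on the wooodt substring the advisory names. POST bodies are not in access logs, so the action rule only sees actions sent in the query string.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined log format as written by Apache and nginx by default; referer/UA are optional.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

AJAX_PATH = "/wp-admin/admin-ajax.php"
PLUGIN_MARKER = "wooodt"  # substring the advisory gives for the plugin's AJAX actions


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)  # {} for a bare POST with no query string
    rec["status"] = int(rec["status"])
    return rec


def classify(rec, trusted_ips):
    """Return a rule name if the request is suspicious, else None."""
    path = rec["path"]
    if path == AJAX_PATH:
        # Rule 1: plugin action visible in the query string (POST bodies are not logged).
        actions = rec["query"].get("action", [])
        if any(PLUGIN_MARKER in a.lower() for a in actions):
            return "plugin-ajax-action"
        return None  # other admin-ajax traffic (heartbeat, front-end AJAX) is normal
    if path.startswith("/wp-admin/") and rec["ip"] not in trusted_ips:
        # Rule 2: admin area reached from an address not on the allowlist.
        return "admin-from-untrusted-ip"
    return None


def scan(lines, trusted_ips):
    """Run both rules over raw log lines; returns (rule, ip, method, target, status) hits."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or non-access-log line
        rule = classify(rec, trusted_ips)
        if rule:
            hits.append((rule, rec["ip"], rec["method"], rec["target"], rec["status"]))
    return hits


# Constructed sample log lines (not from a real server). Action name is hypothetical.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2023:10:15:01 +0000] "GET /wp-admin/admin-ajax.php?action=wooodt_save_settings&opt=siteurl HTTP/1.1" 200 23 "-" "curl/8.1"',
    '198.51.100.20 - - [12/Nov/2023:10:15:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 15 "https://shop.example/checkout/" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Nov/2023:10:15:09 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 31 "https://shop.example/" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Nov/2023:10:16:00 +0000] "GET /wp-admin/options-general.php HTTP/1.1" 200 8123 "https://shop.example/wp-admin/" "Mozilla/5.0"',
    'this line is not an access log entry',
    '203.0.113.7 - - [12/Nov/2023:10:16:30 +0000] "GET /wp-admin/options-general.php HTTP/1.1" 302 0 "-" "curl/8.1"',
]
TRUSTED_IPS = {"192.0.2.10"}  # constructed allowlist of administrator addresses

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, TRUSTED_IPS):
        print(hit)
```

The second sample line, a bare POST to admin-ajax.php, is deliberately not flagged: nothing in an access log says which action it carried, which is why the page's advice to log admin actions and option changes on the WordPress side matters for this vulnerability.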