CVE-2025-11727
📋 TL;DR
This stored XSS vulnerability in the Omnichannel for WooCommerce plugin allows unauthenticated attackers to inject malicious scripts that execute when users view affected pages. All WordPress sites using this plugin up to version 1.3.65 are vulnerable, potentially compromising user sessions and site integrity.
💻 Affected Systems
- Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.
Likely Case
Session hijacking, credential theft from users, defacement of public-facing pages, and malware distribution to visitors.
If Mitigated
With proper WAF rules and CSP headers, script execution could be blocked, limiting impact to script injection without execution.
🎯 Exploit Status
The vulnerability requires no authentication and exploitation is straightforward given the public code references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.66 or later
Vendor Advisory: https://wordpress.org/plugins/codistoconnect/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Omnichannel for WooCommerce' plugin. 4. Click 'Update Now' if available. 5. If no update appears, manually download version 1.3.66+ from WordPress.org and replace plugin files.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the plugin until patched
wp plugin deactivate codistoconnect
Implement Content Security Policy
allAdd CSP headers to block inline script execution
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";
🧯 If You Can't Patch
- Implement Web Application Firewall (WAF) rules to block XSS payloads
- Disable plugin functionality or restrict access to affected endpoints
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins → Installed PluginsCheck Version:
wp plugin get codistoconnect --field=versionVerify Fix Applied:
Verify plugin version is 1.3.66 or higher and test sync() function with XSS payloads📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to plugin endpoints
- JavaScript payloads in request parameters
- Multiple failed XSS attempts
Network Indicators:
- Malicious script tags in HTTP traffic to plugin endpoints
- Unusual outbound connections after page views
SIEM Query:
source="wordpress.log" AND "codistoconnect" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")🔗 References
- https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L2101
- https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L2117
- https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L3063
- https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L3248
- https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L3249
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f4e3b796-af9a-4403-8d9a-1b56d7253b45?source=cve
