Overview
CVE-2025-11727 is a high-severity Stored Cross-Site Scripting (XSS) vulnerability discovered in the “Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto” plugin for WordPress. This vulnerability affects all versions up to and including 1.3.65. It allows unauthenticated attackers to inject malicious JavaScript code into pages, which is then executed whenever a user accesses those pages. This can lead to account compromise, data theft, and other malicious activities.
Technical Details
The vulnerability resides in the sync() function of the Codisto plugin. The root cause is insufficient input sanitization and output escaping of user-supplied data before it is stored in the WordPress database and subsequently displayed to users. Specifically, the plugin fails to properly validate and encode data passed to the sync() function, allowing an attacker to inject arbitrary JavaScript code. The vulnerability is present in following files and lines:
An attacker can exploit this vulnerability by sending a crafted request to the WordPress server with malicious JavaScript code embedded in the payload. This code is then stored in the database and executed when an administrator or other user views the affected page within the WordPress admin panel or potentially the frontend, depending on how the plugin renders the data.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) score for CVE-2025-11727 is 7.2, which is considered HIGH severity. The CVSS vector string would likely be something like:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
This translates to:
- AV:N (Attack Vector: Network) – The vulnerability is exploitable over the network.
- AC:L (Attack Complexity: Low) – Exploiting the vulnerability requires little to no specialized access conditions or extenuating circumstances.
- PR:N (Privileges Required: None) – No privileges are required to perform an attack.
- UI:R (User Interaction: Required) – User interaction is required to trigger the vulnerability (e.g., clicking a malicious link or viewing a page with injected script).
- S:C (Scope: Changed) – An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component.
- C:L (Confidentiality: Low) – There is limited disclosure of information assets.
- I:L (Integrity: Low) – There is limited modification of data.
- A:N (Availability: None) – There is no impact to availability.
Possible Impact
Successful exploitation of this vulnerability could have severe consequences, including:
- Account Compromise: Attackers can steal administrator credentials and gain full control of the WordPress site.
- Malware Distribution: Attackers can inject malicious code that redirects users to phishing sites or downloads malware onto their computers.
- Data Theft: Attackers can steal sensitive data, such as customer information, order details, and payment information.
- Defacement: Attackers can modify the website’s content to spread propaganda, deface the site, or damage its reputation.
Mitigation and Patch Steps
The most important step is to update the Codisto plugin to the latest version as soon as possible. Check the WordPress plugin repository or the Codisto website for available updates.
If an update is not immediately available, consider the following temporary mitigations (though these are not a substitute for patching):
- Disable the Codisto Plugin: Temporarily disabling the plugin will prevent exploitation of the vulnerability.
- Web Application Firewall (WAF): Implement a WAF with rules to detect and block XSS attacks targeting the Codisto plugin.
- Monitor for Suspicious Activity: Carefully monitor WordPress logs for any unusual or suspicious activity that may indicate exploitation of the vulnerability.
