216.73.217.98

CVE-2025-7359

· Published 16/07/2025 07:15 · Modified 16/07/2025 14:58

Labels: CVE-2025-7359 2025-07-16CVE-2025-7359CWE-22[email protected]

Essential information

Published
16/07/2025 07:15
Modified
16/07/2025 14:58
Author
Creator
CVSS
8.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CVSS metrics

Description

The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_block function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. NOTE: This particular vulnerability deletes all the files in a targeted arbitrary directory rather than a specified arbitrary file, which can lead to loss of data or a denial of service condition.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wordpress / plugin cpe:2.3:a:wordpress:plugin:*:*:*:*:*:wordpress:*:*
woocommerce / counter live visitors cpe:2.3:a:woocommerce:counter_live_visitors:*:*:*:*:*:*:*:*

References