CVE-2025-7359 in Counter Live Visitors for WooCommerce Plugininfo

Summary

by MITRE • 07/16/2025

The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_block function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. NOTE: This particular vulnerability deletes all the files in a targeted arbitrary directory rather than a specified arbitrary file, which can lead to loss of data or a denial of service condition.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/16/2025

The vulnerability identified as CVE-2025-7359 affects the Counter live visitors for WooCommerce plugin, a WordPress extension designed to track and display real-time visitor statistics on e-commerce websites. This plugin, which integrates seamlessly with WooCommerce platforms, has been found to contain a critical security flaw that exposes web servers to unauthorized file deletion operations. The vulnerability exists within the wcvisitor_get_block function, a core component responsible for generating visitor counter blocks on WordPress sites. Security researchers have determined that all versions of this plugin up to and including version 1.3.6 are susceptible to this flaw, creating a significant risk for WordPress administrators who have not yet updated their installations.

The technical root cause of this vulnerability stems from inadequate input validation within the file path handling mechanism of the wcvisitor_get_block function. Specifically, the plugin fails to properly sanitize or validate user-supplied input that determines which directory paths should be accessed or modified. This insufficient validation creates a path traversal condition that allows attackers to manipulate the function's behavior and target arbitrary directories on the server filesystem. The vulnerability is particularly concerning because it operates without requiring authentication, meaning any remote attacker can exploit this flaw simply by accessing specific endpoints or parameters within the plugin's functionality. The implementation flaw creates a direct pathway for attackers to execute destructive operations against targeted server directories.

The operational impact of this vulnerability extends beyond simple data exposure to encompass serious service disruption and potential data loss scenarios. Attackers exploiting this vulnerability can delete all files within any arbitrary directory they target, potentially leading to complete website compromise or denial of service conditions. This destructive capability means that an attacker could target critical system directories, plugin directories, or even the WordPress core files, resulting in complete site destruction. The vulnerability's potential for causing widespread damage is amplified by the fact that it affects a widely used plugin, increasing the attack surface and making it more likely for exploitation. Organizations running vulnerable versions of this plugin face significant risk of data loss, service interruption, and potential regulatory compliance violations due to the unauthorized modification of their web server environments.

Mitigation strategies for CVE-2025-7359 should prioritize immediate plugin version updates to the latest available release that contains patches for this vulnerability. System administrators should also implement additional defensive measures including restricting access to plugin endpoints through web application firewalls and implementing proper input validation at multiple layers of the application architecture. Network-level protections such as rate limiting and access controls can help reduce the likelihood of exploitation attempts. The vulnerability aligns with CWE-22 Path Traversal and CWE-77 Path Traversal issues, which are categorized under the broader ATT&CK framework as T1059 Command and Scripting Interpreter and T1485 Data Destruction. Organizations should also consider implementing comprehensive monitoring and logging of file system operations to detect potential exploitation attempts and maintain audit trails for forensic analysis. Regular security assessments and vulnerability scanning should be conducted to identify similar issues in other plugins and themes that may present similar security weaknesses.

Sources

Do you know our Splunk app?

Download it now for free!