VulnerAlert



WORDPRESS
16-07-2025 04:20

CVE-2025-7359 Vulnerabilidad documentada

Sin puntuación
Tags
#wordpress
#plugin
#data
#woocommerce
#server
#vulnerability
#deletion
#attackers
#authenticated
#arbitrary
#vulnerable
#denial
#attack
Descripción
The Counter live visitors for WooCommerce plugin WordPress is vulnerable to arbitrary file deletion due insufficient path validation in the wcvisitor_get_block function all versions up to, and including, 1.3.6. This makes it possible unauthenticated attackers delete files on server. NOTE: particular vulnerability deletes a targeted directory rather than specified file, which can lead loss of data or denial service condition.
https://plugins.trac.wordpress.org/browser/counter-visitor-for-woocommerce/tags/1.3.6/woo-counter-visitor.php#L378
https://www.wordfence.com/threat-intel/vulnerabilities/id/ae13dc61-c4bf-4b17-8055-98c80a853a2a?source=cve
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-7359
Resultados similares
Coincidentes en almenos en 50% de los tags
16-07-2025 CVE-2025-31427
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabil...
Ver información
16-07-2025 CVE-2025-31422
Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress ...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por