Vulnerabilities and security researches forcounter-visitor-for-woocommerce counter-visitor-for-woocommerce

Jul 19, 2025

CVE, Research URL: CVE-2025-7359
Home page URL: Security reports for Counter live visitors for WooCommerce
Application: Counter live visitors for WooCommerce
Date: Jul 16, 2025
Research Description: The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_block function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. NOTE: This particular vulnerability deletes all the files in a targeted arbitrary directory rather than a specified arbitrary file, which can lead to loss of data or a denial of service condition.
Affected versions: Min -, max -.
Status: vulnerable