cleantalk
Vulnerabilities and Security Researches

Counter live visitors for WooCommerce, CVE-2025-7359

CVE, Research URL

CVE-2025-7359

Home page URL

Security reports for Counter live visitors for WooCommerce

Application

Counter live visitors for WooCommerce

Published on
Jul 16, 2025
Research Description
The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_block function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. NOTE: This particular vulnerability deletes all the files in a targeted arbitrary directory rather than a specified arbitrary file, which can lead to loss of data or a denial of service condition.
Affected versions
Min -, max 1.3.6.
Status
vulnerable
Previous vulnerability researches
CRM and Lead Management by vcita (CVE-2024-13702) , Mar 27, 2025
CRM and Lead Management by vcita (CVE-2024-13703) , Mar 14, 2025
CRM and Lead Management by vcita (CVE-2023-2405) , Jun 07, 2024
CRM and Lead Management by vcita (CVE-2023-2404) , Jun 07, 2024
New vulnerability
Master Addons for Elementor (CVE-2025-5284) , Jul 20, 2025
Attachment Manager (CVE-2025-7643) , Jul 19, 2025
B1.lt (CVE-2025-6718) , Jul 19, 2025
B1.lt (CVE-2025-6717) , Jul 19, 2025
Widget for Google Reviews (CVE-2025-53565) , Jul 19, 2025