cleantalk
Vulnerabilities and Security Researches

Counter live visitors for WooCommerce, CVE-2025-7359

CVE, Research URL

CVE-2025-7359

Home page URL

Security reports for Counter live visitors for WooCommerce

Application

Counter live visitors for WooCommerce

Published on
Jul 16, 2025
Research Description
The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_block function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. NOTE: This particular vulnerability deletes all the files in a targeted arbitrary directory rather than a specified arbitrary file, which can lead to loss of data or a denial of service condition.
Affected versions
Min -, max 1.3.6.
Status
vulnerable
Previous vulnerability researches
Theme Builder For Elementor (CVE-2024-10782) , Nov 23, 2024
Theme Builder For Elementor (CVE-2025-54033) , Jul 18, 2025
New vulnerability
DB Backup (CVE-2025-50031) , Jul 19, 2025
Vchasno Kasa (CVE-2025-6720) , Jul 19, 2025
Vchasno Kasa (CVE-2025-6721) , Jul 19, 2025
Media Library Assistant (CVE-2025-7035) , Jul 19, 2025
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History (CVE-2025-54041) , Jul 19, 2025