CVE-2025-7359 – WooCommerce Counter Live Visitors File Deletion Arbitrary Directory Vulnerability

CVE ID : CVE-2025-7359

Published : July 16, 2025, 7:15 a.m. | 1 hour, 19 minutes ago

Description : The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_block function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. NOTE: This particular vulnerability deletes all the files in a targeted arbitrary directory rather than a specified arbitrary file, which can lead to loss of data or a denial of service condition.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…