{"id":53059,"date":"2025-06-17T13:22:45","date_gmt":"2025-06-17T13:22:45","guid":{"rendered":""},"modified":"2025-09-10T11:55:38","modified_gmt":"2025-09-10T17:55:38","slug":"cve-2025-4387-arbitrary-file-upload-vulnerability-in-abandoned-cart-pro-for-woocommerce-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-4387-arbitrary-file-upload-vulnerability-in-abandoned-cart-pro-for-woocommerce-plugin\/","title":{"rendered":"CVE-2025-4387: Arbitrary File Upload Vulnerability in Abandoned Cart Pro for WooCommerce Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The vulnerability we are discussing today, CVE-2025-4387, has been discovered in the Abandoned Cart Pro for WooCommerce plugin. Effectively, it provides a backdoor to attackers wanting to compromise a site’s server and execute potentially harmful code. Anyone using versions up to, and including, 9.16.0 of this plugin is affected by this vulnerability<\/a>.
\nGiven the popularity of WooCommerce as an ecommerce platform, this vulnerability could potentially<\/a> impact a significant number of online businesses. The severity of this issue is further heightened by the fact that even an attacker with only subscriber-level access can exploit this vulnerability, leading to potential system<\/a> compromise or data leakage.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-4387
\nSeverity: High (CVSS score of 8.8)
\nAttack Vector: Authenticated Arbitrary File Upload<\/a>
\nPrivileges Required: Subscriber-level Access
\nUser Interaction: Required
\nImpact: Potential system compromise<\/a> or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n