{"id":59668,"date":"2025-07-26T23:26:52","date_gmt":"2025-07-26T23:26:52","guid":{"rendered":""},"modified":"2025-09-16T12:32:22","modified_gmt":"2025-09-16T18:32:22","slug":"cve-2025-7359-arbitrary-file-deletion-vulnerability-in-counter-live-visitors-for-woocommerce-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-7359-arbitrary-file-deletion-vulnerability-in-counter-live-visitors-for-woocommerce-plugin\/","title":{"rendered":"CVE-2025-7359: Arbitrary File Deletion Vulnerability in Counter live visitors for WooCommerce Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The Counter live visitors for WooCommerce plugin for WordPress, a widely used e-commerce solution, has recently been identified as having a significant security vulnerability. This vulnerability, catalogued as CVE-2025-7359, is present in all versions up to, and including, 1.3.6. It enables attackers to delete arbitrary files<\/a> on the server, potentially causing data loss or a denial of service condition. Given the widespread usage of WordPress and WooCommerce, this vulnerability presents a substantial risk<\/a> to a significant number of websites and their users.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-7359
\nSeverity: High (8.2 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Data Loss, Denial of Service, Potential System<\/a> Compromise or Data Leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n