Counter Live Visitors for WooCommerce Unauthenticated Arbitrary File Deletion Vulnerability
Vulnerability
A vulnerability allowing unauthenticated arbitrary file deletion has been identified in the Counter Live Visitors for WooCommerce plugin for WordPress, affecting all versions through 1.3.6. The issue arises from inadequate file path validation in the 'wcvisitor_get_block' function, enabling attackers to delete arbitrary files from the server. Notably, this vulnerability removes all files in a targeted directory rather than a specific file, potentially leading to data loss or a denial-of-service condition.
Impact
Exploitation of this vulnerability allows for unauthorized deletion of files on the server, with the potential to disrupt service or cause data loss by removing files from targeted directories.
Remediation
No known patch is available. It is advisable to review the vulnerability details and consider uninstalling the affected plugin.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.