CVE-2025-4603: CWE-73 External Control of File Name or Path in emagicone eMagicOne Store Manager for WooCommerce

Severity: Critical
Tags: Vulnerability, CVE-2025-4603, cve, cve-2025-4603, cwe-73
Published: Sat May 24 2025 (05/24/2025, 03:37:32 UTC)
Source: CVE
Vendor/Project: emagicone
Product: eMagicOne Store Manager for WooCommerce

Description

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This is only exploitable by unauthenticated attackers in default configurations where the default password is left as 1:1, or where the attacker gains access to the credentials.

AI-Powered Analysis

Last updated: 07/08/2025, 20:42:01 UTC

Technical Analysis

CVE-2025-4603 is a critical vulnerability identified in the eMagicOne Store Manager for WooCommerce plugin for WordPress, affecting all versions up to and including 1.2.5. The vulnerability stems from insufficient validation of file paths in the delete_file() function, which allows an attacker to perform arbitrary file deletion on the server hosting the plugin. Specifically, the flaw is categorized under CWE-73, which involves external control of file names or paths. Exploitation of this vulnerability can lead to deletion of critical files such as wp-config.php, a core configuration file for WordPress. Deleting such files can disrupt website availability and potentially enable remote code execution (RCE), allowing attackers to execute arbitrary code on the server. The vulnerability is exploitable by unauthenticated attackers only under certain conditions: either when the plugin is left with its default password set to '1:1' or if the attacker has obtained valid credentials. The CVSS v3.1 base score is 9.1, reflecting a critical severity due to the network attack vector, no required privileges or user interaction, and high impact on integrity and availability. Although no known exploits are currently reported in the wild, the ease of exploitation combined with the potential for severe impact makes this a significant threat. No patches have been linked yet, indicating that mitigation may require configuration changes or vendor updates once available.
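
The control that CWE-73 calls for in a delete routine is canonicalization of the requested path followed by a containment check against an allowed base directory. The sketch below is an added example, not the plugin's code and not a vendor patch; the function name safe_delete_file, the exports directory and the temporary demo tree are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from the plugin.

/**
 * Delete $requested only if its canonical path lies inside $baseDir.
 * Returns true when a file was deleted, false when the request is refused.
 */
function safe_delete_file(string $baseDir, string $requested): bool
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return false; // allowed base directory does not exist
    }
    // Refuse empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return false;
    }
    // realpath() resolves "..", "." and symlinks; it returns false
    // when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return false;
    }
    // Containment: the canonical target must begin with "<base>/".
    // The trailing separator stops "/srv/exports_old" matching "/srv/exports".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return unlink($target);
}

// Constructed demo tree in the system temp directory.
$root = sys_get_temp_dir() . '/cwe73_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/exports', 0700, true);
file_put_contents($root . '/wp-config.php', "<?php // constructed stand-in\n");
file_put_contents($root . '/exports/report.csv', "id,total\n");

// A file inside the allowed directory is deleted.
var_dump(safe_delete_file($root . '/exports', 'report.csv'));
// A traversal request is refused and the stand-in config file survives.
var_dump(safe_delete_file($root . '/exports', '../wp-config.php'));
var_dump(file_exists($root . '/wp-config.php'));

// Remove the demo tree.
unlink($root . '/wp-config.php');
rmdir($root . '/exports');
rmdir($root);
```

The check compares canonical paths, so it holds for symlinks and encoded dot segments that a string filter on the raw parameter would miss.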

Potential Impact

For European organizations, this vulnerability poses a significant risk to the integrity and availability of e-commerce platforms running WooCommerce with the affected plugin. Successful exploitation could lead to deletion of essential files, causing website downtime, loss of customer trust, and potential financial losses. Furthermore, if attackers achieve remote code execution, they could compromise sensitive customer data, including payment information, violating GDPR and other data protection regulations. The unauthenticated nature of the attack vector increases the risk, especially for organizations that have not changed default credentials or have weak access controls. Given the widespread use of WooCommerce in Europe for online retail, this vulnerability could disrupt business operations and expose organizations to regulatory penalties and reputational damage.

Mitigation Recommendations

European organizations should immediately audit their WooCommerce installations to identify the presence of the eMagicOne Store Manager plugin and verify the version in use. They must ensure that default passwords are changed from '1:1' to strong, unique credentials to prevent unauthorized access. Until an official patch is released, organizations should consider disabling or uninstalling the plugin if it is not essential. Implementing strict file system permissions to restrict the plugin's ability to delete critical files can reduce risk. Monitoring server logs for suspicious file deletion attempts and unauthorized access attempts is recommended. Additionally, organizations should maintain regular backups of website files and databases to enable rapid recovery in case of file deletion. Finally, applying a web application firewall (WAF) with rules to detect and block exploitation attempts targeting this vulnerability can provide an additional layer of defense.

Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-05-12T18:07:39.510Z
Cisa Enriched: false
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 683142850acd01a249277dc2

Added to database: 5/24/2025, 3:52:37 AM

Last enriched: 7/8/2025, 8:42:01 PM

Last updated: 7/31/2025, 3:38:03 PM
