
CVE-2025-47649: CWE-35 Path Traversal in ilmosys Open Close WooCommerce Store

Severity: High
Tags: Vulnerability, CVE-2025-47649, CWE-35
Published: Wed May 07 2025 (05/07/2025, 14:20:44 UTC)
Source: CVE
Vendor/Project: ilmosys
Product: Open Close WooCommerce Store

Description

Path Traversal vulnerability in ilmosys Open Close WooCommerce Store allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through 4.9.5.

AI-Powered Analysis

AI analysis last updated: 07/05/2025, 08:55:13 UTC

Technical Analysis

CVE-2025-47649 is a high-severity path traversal vulnerability (CWE-35) affecting the ilmosys Open Close WooCommerce Store plugin, versions up to 4.9.5. This vulnerability allows an attacker with at least low-level privileges (PR:L) to perform PHP Local File Inclusion (LFI) by exploiting insufficient validation of user-supplied input that controls file paths. The vulnerability can be triggered remotely over the network (AV:N) without requiring user interaction (UI:N). Successful exploitation can lead to full compromise of confidentiality, integrity, and availability of the affected system, as the attacker can include arbitrary local files, potentially leading to disclosure of sensitive information, code execution, or denial of service. The CVSS 3.1 base score is 8.8, reflecting the high impact and relatively low complexity of exploitation. The vulnerability affects the Open Close WooCommerce Store plugin, which integrates with WooCommerce, a widely used e-commerce platform on WordPress. No patches or fixes have been published yet, and no known exploits are currently reported in the wild. However, the presence of this vulnerability in an e-commerce context makes it a critical risk, especially given the potential for data theft, website defacement, or further pivoting into internal networks.

Potential Impact

For European organizations, this vulnerability poses significant risks, particularly for online retailers and businesses using WooCommerce with the Open Close WooCommerce Store plugin. Exploitation could lead to exposure of customer data, including personal and payment information, violating GDPR and other data protection regulations, which can result in heavy fines and reputational damage. The ability to execute arbitrary code or disrupt service could also lead to operational downtime, loss of sales, and erosion of customer trust. Given the e-commerce focus, financial fraud and theft are also potential consequences. The vulnerability's network-exploitable nature means attackers can target these systems remotely, increasing the threat surface. Organizations in Europe with limited patch management capabilities or those using outdated plugin versions are particularly at risk. Additionally, the lack of user interaction requirement facilitates automated exploitation attempts, increasing the likelihood of attacks.

Mitigation Recommendations

European organizations should immediately audit their WordPress installations to identify the presence of the Open Close WooCommerce Store plugin and verify the version in use. Until an official patch is released, it is advisable to disable or remove the vulnerable plugin to eliminate the attack vector. Implementing Web Application Firewalls (WAFs) with rules to detect and block path traversal attempts can provide interim protection. Restricting file system permissions for the web server user to limit accessible files can reduce the impact of potential exploitation. Monitoring web server logs for suspicious requests containing directory traversal patterns is recommended to detect exploitation attempts early. Organizations should also ensure that their WordPress and WooCommerce installations, along with all plugins, are kept up to date and follow the principle of least privilege for user accounts. Finally, preparing an incident response plan specific to web application compromises will help mitigate damage if exploitation occurs.
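The log-monitoring recommendation above can be put into practice with a small scanner. The following is an added example, not code from the advisory or from the plugin: it normalises request paths (repeated percent-decoding to catch double encoding, backslash-to-slash) before matching traversal sequences, and flags 2xx responses to such requests as the ones most worth investigating. The log lines, the plugin directory name and the `tpl` parameter are constructed placeholders; the advisory does not name the vulnerable parameter.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache combined format), not real traffic.
# "example-plugin" and the "tpl" parameter are placeholders, not the real plugin's names.
SAMPLE_LOG = """\
203.0.113.5 - - [07/May/2025:14:21:03 +0000] "GET /wp-content/plugins/example-plugin/view.php?tpl=../../../../etc/passwd HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [07/May/2025:14:21:09 +0000] "GET /wp-content/plugins/example-plugin/view.php?tpl=..%2F..%2Fwp-config.php HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.7 - - [07/May/2025:14:22:00 +0000] "GET /wp-content/plugins/example-plugin/view.php?tpl=%252e%252e/%252e%252e/wp-config.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"
192.0.2.9 - - [07/May/2025:14:23:11 +0000] "GET /shop/?add-to-cart=42 HTTP/1.1" 200 9182 "-" "Mozilla/5.0"
192.0.2.9 - - [07/May/2025:14:23:15 +0000] "GET /wp-content/plugins/example-plugin/view.php?tpl=..\\..\\wp-config.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request path and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Matched against the normalised path; also catches ".../...//"-style sequences
# (CWE-35) because they still contain "../" once decoded.
TRAVERSAL_RE = re.compile(r'\.\.(?:/|$)')


def normalize(path: str) -> str:
    """Percent-decode until stable (catches double encoding) and unify slashes."""
    prev, cur = None, path
    for _ in range(4):  # bounded: a decoded value can keep containing "%" sequences
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace('\\', '/')


def is_traversal(path: str) -> bool:
    """True if the request path (incl. query string) contains a traversal sequence."""
    return TRAVERSAL_RE.search(normalize(path)) is not None


def scan_log(text: str) -> list:
    """Return one record per request that looks like a traversal attempt."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal(m['path']):
            continue
        status = int(m['status'])
        hits.append({
            'ip': m['ip'], 'status': status, 'path': m['path'],
            'decoded': normalize(m['path']),
            # a 2xx answer to a traversal request suggests the include may have worked
            'likely_success': 200 <= status < 300,
        })
    return hits
```

Running `scan_log(SAMPLE_LOG)` on the constructed lines reports four of the five requests; the double-encoded one is caught only because decoding is repeated, and its 404 marks it as a failed attempt rather than a likely compromise.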


Technical Details

Data Version: 5.1
Assigner Short Name: Patchstack
Date Reserved: 2025-05-07T10:45:13.129Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9819c4522896dcbd8bd2

Added to database: 5/21/2025, 9:08:41 AM

Last enriched: 7/5/2025, 8:55:13 AM

Last updated: 8/17/2025, 10:00:42 PM

