CVE-2025-60204 is a Remote File Inclusion (RFI) vulnerability found in the WooCommerce Store Toolkit plugin (versions up to 2.4.3) developed by Josh Kohlbach. The vulnerability arises from improper validation and control of filenames used in PHP include or require statements. This flaw allows an attacker to supply a crafted filename parameter that causes the application to include and execute remote malicious PHP code. Since the vulnerability is remotely exploitable over the network without requiring authentication or user interaction, it poses a significant risk. The CVSS 3.1 base score of 7.5 reflects a high severity, primarily due to the high confidentiality impact (C:H), no integrity or availability impact, and the ease of exploitation (attack vector: network, attack complexity: low). The vulnerability could be exploited to execute arbitrary code, potentially leading to data theft, unauthorized access, or further compromise of the hosting server. No patches or fixes are currently linked, and no known exploits have been reported in the wild as of the published date. The vulnerability is particularly critical for e-commerce sites using WooCommerce Store Toolkit, as attackers could leverage this to compromise customer data or disrupt business operations.

For European organizations, especially those operating e-commerce platforms using WooCommerce with the vulnerable Store Toolkit plugin, this vulnerability poses a serious threat. Exploitation could lead to unauthorized disclosure of sensitive customer data, including personal and payment information, violating GDPR and other data protection regulations. The ability to execute remote code could also allow attackers to implant backdoors, conduct further lateral movement, or disrupt services. This could result in financial losses, reputational damage, regulatory penalties, and operational downtime. Given the widespread use of WooCommerce in Europe, the vulnerability could affect a broad range of small to medium-sized enterprises that rely on this plugin for store management. The lack of authentication requirement and remote exploitability increases the risk of automated attacks and widespread scanning by threat actors.

1. Immediately audit all WooCommerce installations to identify the presence of the WooCommerce Store Toolkit plugin and verify its version. 2. Apply any available patches or updates from the vendor as soon as they are released. If no official patch is available, consider temporarily disabling or removing the plugin to mitigate risk. 3. Implement strict input validation and sanitization on all parameters that control file inclusion paths to prevent injection of remote URLs or arbitrary files. 4. Configure PHP settings to disable allow_url_include and allow_url_fopen directives to prevent remote file inclusion. 5. Employ Web Application Firewalls (WAFs) with rules designed to detect and block RFI attack patterns targeting include/require parameters. 6. Monitor web server and application logs for suspicious requests attempting to exploit file inclusion vulnerabilities. 7. Conduct regular security assessments and penetration testing focused on plugin vulnerabilities and remote code execution risks. 8. Educate development and operations teams about secure coding practices related to file inclusion and parameter handling.