
CVE-2025-60207: Unrestricted Upload of File with Dangerous Type in Addify Custom User Registration Fields for WooCommerce

Severity: Critical
Published: Thu Nov 06 2025 (11/06/2025, 15:55:06 UTC)
Source: CVE Database V5
Vendor/Project: Addify
Product: Custom User Registration Fields for WooCommerce

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2.

AI-Powered Analysis

Last updated: 11/20/2025, 18:22:51 UTC

Technical Analysis

CVE-2025-60207 is a critical security vulnerability identified in the Addify Custom User Registration Fields plugin for WooCommerce, specifically versions up to 2.1.2. The vulnerability allows an unauthenticated attacker to upload files of dangerous types without restriction, including web shells, directly to the web server hosting the WooCommerce site. This unrestricted file upload flaw arises from insufficient validation and sanitization of user-uploaded files within the plugin's custom registration fields feature. Exploiting this vulnerability enables remote code execution (RCE), allowing attackers to execute arbitrary commands on the server, potentially leading to full system compromise. The CVSS v3.1 base score is 10.0, reflecting the highest severity due to network attack vector (AV:N), no required privileges (PR:N), no user interaction (UI:N), and a scope change (S:C) that affects components beyond the vulnerable plugin. The impact includes complete loss of confidentiality, integrity, and availability of the affected system. Although no public exploits have been reported yet, the vulnerability's nature and ease of exploitation make it a critical risk for WooCommerce sites using this plugin. The lack of available patches at the time of disclosure necessitates immediate risk mitigation through configuration changes and monitoring. This vulnerability is particularly dangerous because WooCommerce is widely used in e-commerce, where attackers can steal customer data, manipulate transactions, or disrupt services. The plugin's popularity in European markets increases the threat to organizations in this region. Attackers could leverage this vulnerability to deploy web shells for persistent access, data exfiltration, or launching further attacks within the network.

Potential Impact

For European organizations, the impact of CVE-2025-60207 is severe. E-commerce platforms running WooCommerce with the vulnerable Addify plugin face risks of complete system compromise, leading to theft of sensitive customer data such as payment information, personally identifiable information (PII), and order details. This can result in significant financial losses, regulatory penalties under GDPR, and reputational damage. The ability to upload web shells allows attackers to maintain persistent access, escalate privileges, and move laterally within corporate networks, potentially affecting other critical systems. Service disruption caused by ransomware or destructive payloads could also impact business continuity. Given the high adoption of WooCommerce in European markets, especially among small and medium enterprises (SMEs) that may lack advanced security controls, the threat is amplified. Additionally, compromised e-commerce sites can be used as platforms for distributing malware or launching attacks against customers, further extending the impact. The vulnerability's exploitation could also undermine trust in online retail services, affecting the broader digital economy in Europe.

Mitigation Recommendations

1. Immediately monitor for any suspicious file uploads or web shell indicators on WooCommerce sites using the Addify Custom User Registration Fields plugin.
2. Restrict allowed file upload types to safe formats only, explicitly blocking executable and script files such as PHP, ASP, or other server-side code.
3. Implement a robust Web Application Firewall (WAF) with rules to detect and block malicious file uploads and web shell activity.
4. Apply vendor patches promptly once released; if unavailable, consider disabling the vulnerable plugin or removing the custom file upload functionality temporarily.
5. Harden server configurations by disabling execution permissions in upload directories to prevent execution of uploaded files.
6. Conduct regular security audits and penetration testing focused on file upload mechanisms.
7. Enforce strict access controls and network segmentation to limit the impact of a potential compromise.
8. Educate development and operations teams about secure coding practices related to file uploads.
9. Maintain up-to-date backups and incident response plans to enable rapid recovery in case of exploitation.
10. Use intrusion detection systems (IDS) to alert on anomalous activities related to file uploads or web shells.
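As an added defensive example for recommendations 1 and 2 above (not part of this advisory and not the plugin's or vendor's code), the Python scanner below walks a WordPress uploads tree and flags files that should never live there: any file carrying a server-executable extension anywhere in its name (so double extensions like photo.php.jpg are caught) and any file whose leading bytes contain a PHP open tag under a benign extension. The extension list, the sample directory layout and the sample file contents are assumptions constructed inline so the script runs offline.

```python
import os
import tempfile

# Extensions a typical PHP web stack may execute as code (assumed list; tune per server).
DANGEROUS_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "asp", "aspx", "jsp", "cgi"}
PHP_TAGS = (b"<?php", b"<?=")

def suspicious_extensions(name):
    """Every dangerous extension anywhere in the name, so shell.php.jpg is caught too."""
    parts = name.lower().split(".")[1:]
    return [p for p in parts if p in DANGEROUS_EXT]

def scan_uploads(root, sniff_bytes=4096):
    """Walk the uploads tree and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            exts = suspicious_extensions(name)
            if exts:
                findings.append((rel, "dangerous extension: ." + ".".join(exts)))
                continue  # already flagged by name; no need to sniff content
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sniff_bytes)  # only the head: enough to spot a PHP tag
            except OSError:
                continue
            if any(tag in head for tag in PHP_TAGS):
                findings.append((rel, "PHP open tag inside non-PHP file"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample uploads directory (not real site data); returns its root."""
    root = tempfile.mkdtemp(prefix="wp-uploads-")
    month = os.path.join(root, "2025", "11")
    os.makedirs(month)
    samples = {
        "avatar.jpg": b"\xff\xd8\xff\xe0JFIF constructed image bytes",         # clean
        "photo.php.jpg": b"\xff\xd8\xff\xe0JFIF double extension",             # flagged by name
        "shell.php": b"<?php /* constructed placeholder, no payload */ ?>",    # flagged by name
        "poly.gif": b"GIF89a<?php /* constructed polyglot placeholder */ ?>",  # flagged by content
    }
    for name, data in samples.items():
        with open(os.path.join(month, name), "wb") as fh:
            fh.write(data)
    return root
```

Run `scan_uploads("/path/to/wp-content/uploads")` against a real site to get the list of paths to review; a clean uploads directory returns an empty list.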


Technical Details

Data Version: 5.2
Assigner Short Name: Patchstack
Date Reserved: 2025-09-25T15:28:42.280Z
CVSS Version: null
State: PUBLISHED

Threat ID: 690cc80cca26fb4dd2f595d6

Added to database: 11/6/2025, 4:08:44 PM

Last enriched: 11/20/2025, 6:22:51 PM

Last updated: 11/22/2025, 7:17:33 AM
