
CVE-2025-7359: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in danielriera Counter live visitors for WooCommerce

Severity: High
Published: Wed Jul 16 2025 (07/16/2025, 06:40:41 UTC)
Source: CVE Database V5
Vendor/Project: danielriera
Product: Counter live visitors for WooCommerce

Description

The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_block function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. NOTE: This particular vulnerability deletes all the files in a targeted arbitrary directory rather than a specified arbitrary file, which can lead to loss of data or a denial of service condition.

AI-Powered Analysis

Last updated: 07/16/2025, 07:01:19 UTC

Technical Analysis

CVE-2025-7359 is a high-severity vulnerability affecting the 'Counter live visitors for WooCommerce' WordPress plugin developed by danielriera. This plugin is designed to track live visitors on WooCommerce-powered e-commerce sites. The vulnerability is classified as CWE-22, improper limitation of a pathname to a restricted directory, commonly known as a path traversal flaw.

Specifically, the issue resides in the wcvisitor_get_block function, where insufficient validation of file paths allows an unauthenticated attacker to perform arbitrary file deletion on the server hosting the WordPress site. Unlike typical arbitrary file deletion vulnerabilities that target single files, this flaw enables deletion of all files within an arbitrary directory specified by the attacker. This can lead to significant data loss or denial of service (DoS) conditions by removing critical files necessary for website operation or server functionality. The vulnerability affects all versions of the plugin up to and including version 1.3.6.

The CVSS v3.1 base score is 8.2, indicating high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is primarily on integrity (I:H) and availability (A:L), with no confidentiality impact (C:N). No known exploits are currently reported in the wild, and no patches have been published at the time of this analysis.

The vulnerability is particularly critical because it can be exploited remotely without authentication or user interaction, making it highly accessible to attackers scanning for vulnerable WooCommerce sites using this plugin. Given WooCommerce's popularity in e-commerce, exploitation could disrupt online sales and damage business operations.
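The root cause above is a directory path taken from the request without confining it to the plugin's own directory. The following is an added example, not code from the plugin or from Wordfence, showing the confinement check that a directory-deleting routine of this kind needs: resolve the real path, then refuse anything that does not stay under the intended base directory. The directory layout, file names and the `remove_block_dir` helper are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional

def resolve_inside(base_dir: str, requested: str) -> Optional[str]:
    """Return the real path for `requested` only if it stays under base_dir.

    realpath() collapses '..' segments and follows symlinks, so both a
    climbing path and a symlink that points outside base_dir are refused.
    """
    base = os.path.realpath(base_dir)
    # Strip leading separators so an absolute request cannot replace base.
    candidate = os.path.realpath(os.path.join(base, requested.lstrip("/\\")))
    return candidate if os.path.commonpath([base, candidate]) == base else None

def remove_block_dir(base_dir: str, requested: str) -> int:
    """Delete the files in one plugin-owned directory, never outside base_dir.

    Returns the number of files removed, or -1 when the request is refused.
    """
    target = resolve_inside(base_dir, requested)
    if target is None or not os.path.isdir(target):
        return -1
    removed = 0
    for entry in os.scandir(target):
        if entry.is_file(follow_symlinks=False):
            os.unlink(entry.path)
            removed += 1
    return removed

def demo() -> dict:
    """Constructed layout: a plugin cache directory beside a file that must survive."""
    root = tempfile.mkdtemp()
    cache = Path(root, "cache")
    cache.mkdir()
    (cache / "a.tmp").write_text("x")
    (cache / "b.tmp").write_text("y")
    config = Path(root, "wp-config.php")
    config.write_text("<?php")
    return {
        "traversal": remove_block_dir(str(cache), "../"),   # refused: -1
        "absolute": remove_block_dir(str(cache), root),     # refused: -1
        "legit": remove_block_dir(str(cache), "."),         # 2 cache files removed
        "config_survives": config.exists(),                 # True
    }
```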

Potential Impact

For European organizations, the impact of CVE-2025-7359 can be substantial, especially for those relying on WooCommerce for their e-commerce platforms. Successful exploitation can result in deletion of critical files, leading to website downtime, loss of sales, and damage to brand reputation. The arbitrary directory deletion capability increases the risk of extensive data loss beyond single files, potentially affecting backups, configuration files, or other essential assets stored within the web server's file system. This could also trigger compliance issues under GDPR if customer data or transaction logs are lost or corrupted. Small and medium-sized enterprises (SMEs) that often use WordPress and WooCommerce due to cost-effectiveness may be particularly vulnerable if they lack robust backup and recovery strategies. Additionally, the lack of authentication requirement means attackers can automate exploitation attempts, increasing the risk of widespread attacks across European e-commerce sites. The denial of service aspect could disrupt business continuity, impacting revenue and customer trust. Organizations in sectors with high online transaction volumes, such as retail, travel, and digital services, are at elevated risk. Furthermore, the vulnerability could be leveraged as part of a larger attack chain, for example, to facilitate ransomware deployment or data exfiltration by first disabling security mechanisms or deleting logs.

Mitigation Recommendations

To mitigate CVE-2025-7359, European organizations should take immediate and specific actions beyond generic patching advice:

1) Disable or deactivate the 'Counter live visitors for WooCommerce' plugin until a security patch or update is released by the vendor.
2) Implement strict web application firewall (WAF) rules to detect and block suspicious requests attempting path traversal patterns targeting the vulnerable wcvisitor_get_block function.
3) Conduct a thorough audit of file system permissions to ensure the web server process has the minimum necessary write/delete privileges, limiting the scope of potential damage if exploited.
4) Regularly back up website files and databases with offsite or immutable storage to enable rapid recovery from file deletion incidents.
5) Monitor web server logs and WordPress activity logs for unusual deletion requests or errors indicating file access issues.
6) Employ intrusion detection systems (IDS) tuned to detect exploitation attempts of path traversal vulnerabilities.
7) Educate IT and security teams about this specific vulnerability to recognize exploitation indicators promptly.
8) Once a patch is available, prioritize testing and deployment in all affected environments.
9) Consider isolating WooCommerce plugins in containerized or sandboxed environments to reduce impact scope.

These targeted measures will help reduce the risk and potential damage from this vulnerability until a permanent fix is applied.
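Recommendations 2 and 5 above call for spotting traversal attempts aimed at wcvisitor_get_block in web server logs. The following is an added example, not part of the advisory, of that detection run over constructed access-log lines: it percent-decodes each request target repeatedly (so encoded and double-encoded dot-dot sequences are not missed) and flags lines that name the vulnerable function together with a traversal sequence. The log format is Apache/Nginx combined style; the request shape that reaches the function is an assumption, so only the function name and the traversal sequence are used as signal.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (not real traffic). The query parameter
# name is a placeholder; only the function name and '..' sequences matter.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Jul/2025:06:50:01 +0000] "GET /?wcvisitor_get_block=..%2F..%2F..%2Fwp-content HTTP/1.1" 200 512
203.0.113.7 - - [16/Jul/2025:06:50:03 +0000] "GET /?wcvisitor_get_block=%252e%252e/%252e%252e/uploads HTTP/1.1" 200 512
198.51.100.4 - - [16/Jul/2025:06:51:10 +0000] "GET /?wcvisitor_get_block=block-1 HTTP/1.1" 200 88
198.51.100.4 - - [16/Jul/2025:06:51:12 +0000] "GET /product/shirt/ HTTP/1.1" 200 4096
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) '
)
# A '..' path segment delimited by a separator, '=' or string boundary.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/=])\.\.(?:[\\/]|$)')


def decode_fully(s: str, rounds: int = 3) -> str:
    """Percent-decode until stable so '%252e%252e' (double-encoded '..') is caught."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def find_traversal_hits(log_text: str) -> list:
    """Return one dict per request that targets wcvisitor_get_block with a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        target = decode_fully(m.group("target"))
        if "wcvisitor_get_block" in target and TRAVERSAL_RE.search(target):
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"), "target": target})
    return hits
```

Feeding `SAMPLE_LOG` to `find_traversal_hits` flags the two 203.0.113.7 requests and leaves the legitimate block request and the product page alone.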


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-07-08T15:20:05.421Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68774ab7a83201eaacd43812

Added to database: 7/16/2025, 6:46:15 AM

Last enriched: 7/16/2025, 7:01:19 AM

Last updated: 7/16/2025, 12:30:14 PM
