CVE-2025-7359

Counter live visitors for WooCommerce plugin for WordPress

Executive summary

A high-severity vulnerability has been identified in the "Counter live visitors for WooCommerce" plugin for WordPress. This flaw could allow an unauthenticated attacker to delete critical files from the web server, such as configuration files or core application code. Successful exploitation could render the website completely inoperable, lead to significant data loss, and potentially create an opportunity for further system compromise.

Vulnerability

The vulnerability exists within the wcvisitor_get_block function of the plugin. Due to insufficient validation of user-supplied file paths, an attacker can craft a malicious request that tricks the function into deleting arbitrary files on the server's file system. An attacker could leverage directory traversal sequences (e.g., ../) to navigate outside of the intended directory and target critical files like wp-config.php, .htaccess, or other essential system and application files.
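The defensive pattern that the description above implies (resolving a user-supplied path and refusing anything that lands outside the directory the feature is meant to serve) is shown below as an added Python example. It is not the plugin's code and does not reproduce wcvisitor_get_block; the base directory, the helper names resolve_within and safe_delete, and the sample paths are all assumptions made for illustration. The same check in a PHP plugin would use realpath() plus a prefix comparison on the canonical paths.

```python
import os
from typing import Optional

# Assumed base directory for illustration; it does not have to exist for the
# containment check to work, since realpath() still normalises the path.
BASE_DIR = "/srv/example-wp/wp-content/uploads/wcvisitor-cache"


def resolve_within(base_dir: str, user_path: str) -> Optional[str]:
    """Return the canonical absolute path of user_path if it lies inside base_dir.

    Returns None when the path escapes base_dir, whether through "../"
    segments, an absolute path that replaces the base in os.path.join,
    or a symlink that realpath() follows out of the tree.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath() compares whole path components, so "/srv/x" does not
    # accidentally accept "/srv/xy/file" the way a startswith() check would.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def safe_delete(base_dir: str, user_path: str) -> str:
    """Delete user_path only if it is a regular file inside base_dir.

    Returns one of "rejected" (path escapes the base, nothing touched),
    "missing" (no regular file there) or "deleted".
    """
    target = resolve_within(base_dir, user_path)
    if target is None:
        return "rejected"
    if not os.path.isfile(target):
        return "missing"
    os.remove(target)
    return "deleted"


if __name__ == "__main__":
    # Constructed inputs: one legitimate cache file, then the kinds of paths
    # the containment check must refuse.
    for p in ("cache/block-1.html", "../../../../wp-config.php",
              "/etc/passwd", "cache/../../.htaccess"):
        print(f"{p!r:40} -> {safe_delete(BASE_DIR, p)}")
```

The check is done on canonical paths rather than by stripping "../" from the string, because string filtering is easy to bypass with encoded or mixed separators, while realpath() plus commonpath() decides on what the filesystem would actually open.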

Business impact

This vulnerability is rated as High severity with a CVSS score of 8.2. Exploitation could have a severe and direct impact on business operations. The deletion of core WordPress files would immediately cause a complete website outage, leading to service disruption, loss of revenue, and reputational damage. Furthermore, the deletion of security-related files could disable protections, lowering the barrier for subsequent attacks, while the deletion of data or backup files could result in permanent data loss. The primary risks are extended downtime and the cost associated with incident response and system restoration.

Remediation

Immediate Action:

  • Identify all WordPress instances running the "Counter live visitors for WooCommerce" plugin.
  • Update the plugin to the latest patched version immediately.
  • If the plugin's functionality is not critical to business operations, the recommended course of action is to deactivate and completely remove it to eliminate the attack surface.

Proactive Monitoring:

  • Monitor web server access logs for suspicious requests targeting the plugin's functions, specifically looking for directory traversal patterns (../) in request parameters.
  • Implement a File Integrity Monitoring (FIM) solution to alert on any unauthorized changes or deletions of critical files within the WordPress installation directory and key system directories.
  • Review server error logs for "file not found" errors that could indicate a successful or attempted exploitation.
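The first two monitoring items above (traversal patterns in access-log request parameters, and file-integrity alerts on deleted or changed critical files) are worked through below as one added Python example. It is not part of this advisory and is not the plugin's code. The log lines are constructed in combined log format, and the "target" query parameter name is an assumption; the advisory only names the function wcvisitor_get_block. The scanner URL-decodes each request target repeatedly before matching, because a literal "../" search misses "%2e%2e%2f" and double-encoded "%252e%252e%252f" forms that a web server or application decodes on its own.

```python
import hashlib
import os
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format). The request
# shape, including the "target" parameter, is assumed for illustration.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jul/2025:12:00:01 +0000] "GET /?wcvisitor_get_block=1&target=cache%2Fblock.html HTTP/1.1" 200 512
203.0.113.11 - - [10/Jul/2025:12:00:02 +0000] "GET /?wcvisitor_get_block=1&target=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 0
203.0.113.12 - - [10/Jul/2025:12:00:03 +0000] "GET /wp-content/themes/demo/style.css HTTP/1.1" 200 2048
203.0.113.13 - - [10/Jul/2025:12:00:04 +0000] "GET /?wcvisitor_get_block=1&target=%252e%252e/%252e%252e/.htaccess HTTP/1.1" 200 0
"""

# client - - [timestamp] "METHOD target PROTOCOL" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# A ".." segment at the start, after a separator, or right after "=", "&" or "?",
# followed by "/" or "\" (or the end of the string).
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=&?])\.\.(?:[/\\]|$)')


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """URL-decode until the string stops changing (bounded), to expose
    double-encoded traversal sequences."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal(log_text: str) -> list:
    """Return one record per request whose decoded target contains a traversal."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        decoded = fully_decode(m["target"])
        if TRAVERSAL_RE.search(decoded):
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "target": decoded, "status": m["status"]})
    return hits


# Files whose deletion would take a WordPress site down; extend as needed.
CRITICAL_FILES = ("wp-config.php", ".htaccess", "wp-settings.php",
                  "wp-load.php", "index.php")


def build_baseline(root: str, names=CRITICAL_FILES) -> dict:
    """Map each critical file under root to its SHA-256, or None if absent."""
    baseline = {}
    for name in names:
        path = os.path.join(root, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                baseline[name] = hashlib.sha256(fh.read()).hexdigest()
        else:
            baseline[name] = None
    return baseline


def diff_baseline(old: dict, new: dict) -> dict:
    """Compare two snapshots from build_baseline(); any 'deleted' entry for a
    core file is the alert condition described in the advisory."""
    deleted = sorted(n for n, h in old.items() if h is not None and new.get(n) is None)
    created = sorted(n for n, h in new.items() if h is not None and old.get(n) is None)
    modified = sorted(n for n, h in old.items()
                      if h is not None and new.get(n) not in (None, h))
    return {"deleted": deleted, "created": created, "modified": modified}


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(f"traversal from {hit['ip']} at {hit['time']}: {hit['target']} (HTTP {hit['status']})")
    # Constructed snapshots standing in for two build_baseline() runs.
    before = {"wp-config.php": "aaa", ".htaccess": "bbb", "index.php": "ccc"}
    after = {"wp-config.php": None, ".htaccess": "bbb2", "index.php": "ccc"}
    print(diff_baseline(before, after))
```

In production the baseline would be built once after a verified deploy and stored outside the web root, then rebuilt on a schedule and diffed; a non-empty "deleted" list for any core file is worth paging on, since the advisory's impact is exactly that outcome.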

Compensating Controls:

  • If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules designed to block directory traversal attack patterns.
  • Enforce strict file system permissions, ensuring the web server's user account has minimal necessary privileges and cannot write to or delete files outside of its designated directories.
  • Ensure that automated, regular, and tested backups of the entire web application and database are in place to enable rapid recovery in the event of a successful attack.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability presents a high risk to the availability and integrity of any website using the affected plugin. Although it is not yet listed on the CISA KEV, the high CVSS score of 8.2 and the potential for complete service disruption demand urgent action. We strongly recommend organizations immediately apply the vendor-supplied patch or remove the vulnerable plugin entirely. Prioritize this remediation to prevent potential exploitation and protect against significant operational downtime and data loss.