Platform: wordpress
Component: wp-ticketbai
Fixed in: 3.18.1
CVE-2025-4564 is an arbitrary file access vulnerability affecting the TicketBAI Facturas para WooCommerce plugin for WordPress. This vulnerability allows unauthenticated attackers to delete arbitrary files on the server, potentially leading to remote code execution. The vulnerability impacts versions 0.0.0 through 3.18. A patch is expected from the vendor.
The primary impact of CVE-2025-4564 is the ability for an unauthenticated attacker to delete files on the WordPress server. The most critical scenario involves deleting the wp-config.php file, which contains sensitive database credentials and configuration settings. Deletion of this file would effectively disable the WordPress site and allow the attacker to potentially gain control of the database. Furthermore, deletion of other critical system files could lead to denial of service or further compromise. The ease of exploitation, combined with the potential for RCE, makes this a high-severity vulnerability.
CVE-2025-4564 was publicly disclosed on 2025-05-15. While no public proof-of-concept (PoC) code has been released, the vulnerability's simplicity and potential for RCE suggest a high probability of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Given the ease of exploitation and the potential impact, organizations should prioritize patching or implementing workarounds.
WordPress sites utilizing the TicketBAI Facturas para WooCommerce plugin, particularly those running versions 0.0.0 through 3.18, are at risk. Shared hosting environments are especially vulnerable, as they often have limited file permission controls and increased exposure to malicious actors. Sites with legacy WordPress configurations or those lacking robust security monitoring are also at higher risk.
• wordpress / plugin: Use WP-CLI (wp plugin list) to identify installations of TicketBAI Facturas para WooCommerce. Check the installed plugin version with wp plugin get ticketbai-facturas-para-woocommerce --field=version.
• wordpress / plugin: Examine plugin files for the 'delpdf' action and related file path validation logic. Use grep -r 'delpdf' /path/to/wordpress/wp-content/plugins/ticketbai-facturas-para-woocommerce/.
• generic web: Monitor web server access logs for requests containing the 'delpdf' parameter with unusual or potentially malicious file paths. Look for patterns like /wp-content/plugins/ticketbai-facturas-para-woocommerce/delpdf?file=/etc/passwd.
Disclosure
Exploit status
EPSS: 3.69% (88th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-4564 is to upgrade the TicketBAI Facturas para WooCommerce plugin to a patched version as soon as it becomes available. Until a patch is released, consider disabling the 'delpdf' action within the plugin if it is not essential. As a temporary workaround, restrict file permissions on the WordPress server to prevent unauthorized file deletion. Implement a Web Application Firewall (WAF) rule to block requests targeting the 'delpdf' action with suspicious parameters. Monitor WordPress logs for any unusual file deletion attempts.
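As an added example that is not part of this advisory and not the plugin's own code, the following Python script applies the log-monitoring guidance from the detection section and encodes the same checks a WAF rule or a hardened delete handler would apply before acting on a 'delpdf' request: percent-decode the file parameter, reject absolute paths, and require the resolved path to stay inside the directory the plugin is allowed to manage. The access-log lines are constructed for the example; ALLOWED_DIR, the admin-ajax.php request form and the parameter name file are assumptions, since the advisory only quotes the delpdf?file= request shape.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed location of the plugin's generated PDFs; the real directory is not
# given in the advisory, so adjust this to the deployment being monitored.
ALLOWED_DIR = "/var/www/html/wp-content/uploads/ticketbai"

# Matches combined-format access log lines (the Apache/nginx default layout).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines for this example (not real traffic). The
# admin-ajax.php form is an assumption about how the action is reached; the
# fourth request uses the shape quoted in the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [15/May/2025:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=delpdf&file=invoice-1042.pdf HTTP/1.1" 200 12 "-" "Mozilla/5.0"
203.0.113.9 - - [15/May/2025:10:02:17 +0000] "GET /wp-admin/admin-ajax.php?action=delpdf&file=../../../../wp-config.php HTTP/1.1" 200 0 "-" "curl/8.0"
198.51.100.8 - - [15/May/2025:10:03:40 +0000] "GET /wp-admin/admin-ajax.php?action=delpdf&file=..%2F..%2Fwp-config.php HTTP/1.1" 200 0 "-" "curl/8.0"
198.51.100.7 - - [15/May/2025:10:04:01 +0000] "GET /wp-content/plugins/ticketbai-facturas-para-woocommerce/delpdf?file=/etc/passwd HTTP/1.1" 404 0 "-" "python-requests/2.31"
203.0.113.5 - - [15/May/2025:10:05:00 +0000] "GET /shop/ HTTP/1.1" 200 5321 "-" "Mozilla/5.0"
"""


def classify_file_param(raw, allowed_dir=ALLOWED_DIR):
    """Return a reason string if the 'file' value must not be deleted, else None.

    These are the checks a WAF rule or a hardened delete handler should apply
    before touching the filesystem.
    """
    value = raw
    for _ in range(3):  # undo percent-encoding until stable; values may be encoded more than once
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")
    if not value:
        return "empty filename"
    if "\x00" in value:
        return "null byte in filename"
    if value.startswith("/") or re.match(r"^[A-Za-z]:/", value):
        return "absolute path"
    # Resolve '..' segments against the allowed directory and confine the result.
    base = allowed_dir.rstrip("/")
    resolved = posixpath.normpath(posixpath.join(base, value))
    if not resolved.startswith(base + "/"):
        return "path traversal"
    if not value.lower().endswith(".pdf"):
        return "non-PDF target"
    return None


def scan_access_log(text, allowed_dir=ALLOWED_DIR):
    """Return one record per request that invokes the delpdf action.

    'reason' is None for a request whose file parameter passes every check.
    """
    records = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m or "delpdf" not in m["target"].lower():
            continue
        params = parse_qs(urlsplit(m["target"]).query)
        files = params.get("file")
        if not files:
            reason = "missing file parameter"
        else:
            reason = classify_file_param(files[0], allowed_dir)
        records.append({
            "ip": m["ip"],
            "status": m["status"],
            "file": files[0] if files else None,
            "reason": reason,
        })
    return records


if __name__ == "__main__":
    for rec in scan_access_log(SAMPLE_LOG):
        print(f'{rec["ip"]:<14} {rec["reason"] or "ok":<22} {rec["file"]}')
```

Run it against a real log with scan_access_log(open("access.log").read()) and alert on every record whose reason is not None; the response status is kept in each record because a 200 on a flagged request means the deletion path may actually have been reached, whereas a 404 suggests the request never hit the plugin.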
Update the TicketBAI Facturas para WooCommerce plugin to the latest available version. The vulnerability was fixed in a version after 3.18. Further details on the fix can be found in the release notes.
CVE-2025-4564 is a CRITICAL vulnerability in the TicketBAI Facturas para WooCommerce plugin allowing unauthenticated attackers to delete files, potentially leading to remote code execution. It affects versions 0.0.0–3.18.
If you are using TicketBAI Facturas para WooCommerce versions 0.0.0 through 3.18, you are potentially affected. Check your plugin version immediately.
Upgrade the TicketBAI Facturas para WooCommerce plugin to a patched version as soon as it's available. Until then, disable the 'delpdf' action or restrict file permissions.
While no public exploits are currently known, the vulnerability's simplicity suggests a high probability of exploitation. Monitor your systems closely.
Refer to the TicketBAI WooCommerce plugin's official website or WordPress plugin repository for updates and advisories regarding CVE-2025-4564.