Platform: wordpress
Component: wp-ticketbai
Fixed in: 3.18.1
CVE-2025-4564 is an arbitrary file access vulnerability affecting the TicketBAI Facturas para WooCommerce plugin for WordPress. This vulnerability allows unauthenticated attackers to delete arbitrary files on the server, potentially leading to remote code execution. The vulnerability impacts versions 0.0.0 through 3.18. A patch is expected from the vendor.
The primary impact of CVE-2025-4564 is the ability for an unauthenticated attacker to delete files on the WordPress server. The most critical scenario involves deleting the wp-config.php file, which contains sensitive database credentials and configuration settings. Deletion of this file would effectively disable the WordPress site and allow the attacker to potentially gain control of the database. Furthermore, deletion of other critical system files could lead to denial of service or further compromise. The ease of exploitation, combined with the potential for RCE, makes this a high-severity vulnerability.
CVE-2025-4564 was publicly disclosed on 2025-05-15. While no public proof-of-concept (PoC) code has been released, the vulnerability's simplicity and potential for RCE suggest a high probability of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Given the ease of exploitation and the potential impact, organizations should prioritize patching or implementing workarounds.
Exploit Status
EPSS: 3.69% (88th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-4564 is to upgrade the TicketBAI Facturas para WooCommerce plugin to a patched version as soon as it becomes available. Until a patch is released, consider disabling the 'delpdf' action within the plugin if it is not essential. As a temporary workaround, restrict file permissions on the WordPress server so that the web-server user cannot delete files it has no need to modify. Implement a Web Application Firewall (WAF) rule to block requests targeting the 'delpdf' action with suspicious parameters, and monitor WordPress and web-server logs for any unusual file deletion attempts.
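The log-monitoring and WAF advice above can be turned into a concrete check. The script below is an added example, not code from the plugin or this advisory: it scans web-server access logs in the common Apache/nginx "combined" format for requests that invoke the 'delpdf' action and carry a path-traversal sequence or a sensitive file name in any parameter. The advisory does not name the parameter that carries the file path or the endpoint the action is posted to, so every query parameter is inspected and the request paths in the sample lines are constructed, not taken from the plugin.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache/nginx "combined" log line: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Values that should never appear in a PDF-deletion request: directory
# traversal or a reference to a WordPress configuration file.
SUSPICIOUS_VALUE = re.compile(r'(\.\./|\.\.\\|wp-config\.php|\.htaccess)', re.IGNORECASE)


def suspicious_delpdf(line: str):
    """Return a finding dict for a suspicious 'delpdf' request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    params = parse_qsl(urlsplit(m.group("path")).query, keep_blank_values=True)
    if not any(k == "action" and v == "delpdf" for k, v in params):
        return None
    # parse_qsl already decoded once; decode again so double-encoded
    # traversal (%252e%252e%252f) is not missed by the pattern.
    hits = [(k, v) for k, v in params if SUSPICIOUS_VALUE.search(unquote(v))]
    if not hits:
        return None
    return {"ip": m.group("ip"), "time": m.group("ts"),
            "status": m.group("status"), "params": hits}


def scan(lines):
    """Run the check over an iterable of log lines, keeping only findings."""
    return [f for f in (suspicious_delpdf(l) for l in lines) if f]


# Constructed sample log lines (assumed endpoint and parameter names).
SAMPLE_LOG = [
    '203.0.113.5 - - [15/May/2025:10:00:00 +0000] "GET /wp-admin/admin-ajax.php?action=delpdf&file=../../wp-config.php HTTP/1.1" 200 12 "-" "curl/8.0"',
    '198.51.100.7 - - [15/May/2025:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=delpdf&file=invoice-1042.pdf HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [15/May/2025:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=delpdf&file=%252e%252e%252fuploads%252finvoice.pdf HTTP/1.1" 200 12 "-" "python-requests/2.31"',
    '198.51.100.8 - - [15/May/2025:10:00:12 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only the first and third sample lines are reported; the legitimate PDF name and the unrelated action are ignored.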
Update the TicketBAI Facturas para WooCommerce plugin to the latest available version. The vulnerability has been fixed in a version later than 3.18. See the release notes for more details about the fix.
CVE-2025-4564 is a CRITICAL vulnerability in the TicketBAI Facturas para WooCommerce plugin allowing unauthenticated attackers to delete files, potentially leading to remote code execution. It affects versions 0.0.0–3.18.
If you are using TicketBAI Facturas para WooCommerce versions 0.0.0 through 3.18, you are potentially affected. Check your plugin version immediately.
Upgrade the TicketBAI Facturas para WooCommerce plugin to a patched version as soon as it's available. Until then, disable the 'delpdf' action or restrict file permissions.
While no public exploits are currently known, the vulnerability's simplicity suggests a high probability of exploitation. Monitor your systems closely.
Refer to the TicketBAI WooCommerce plugin's official website or WordPress plugin repository for updates and advisories regarding CVE-2025-4564.