Platform: wordpress
Component: aco-woo-dynamic-pricing
Fixed in: 4.5.10
CVE-2025-47588 is a critical code injection vulnerability affecting the Dynamic Pricing With Discount Rules for WooCommerce plugin. This flaw allows attackers to inject and execute arbitrary code on vulnerable systems, potentially leading to complete website takeover. The vulnerability impacts versions 0.0.0 through 4.5.9, and a patch is available in version 4.5.10.
The code injection vulnerability in Dynamic Pricing With Discount Rules for WooCommerce presents a severe risk to WordPress sites utilizing this plugin. An attacker could exploit this flaw to execute malicious code directly on the server, gaining unauthorized access to sensitive data, modifying website content, or even installing malware. The potential impact extends beyond data theft to include defacement of the website, denial of service, and the use of the compromised site for further attacks. This vulnerability is particularly concerning due to the plugin's functionality, which often handles pricing and discount logic, potentially exposing financial data and customer information.
CVE-2025-47588 has been publicly disclosed. While no active exploitation campaigns have been confirmed at the time of writing, the critical severity and ease of exploitation suggest a high probability of exploitation. The vulnerability is not currently listed in the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread attacks.
Exploit Status
EPSS: 0.09% (26th percentile)
The primary mitigation for CVE-2025-47588 is to immediately upgrade the Dynamic Pricing With Discount Rules for WooCommerce plugin to version 4.5.10 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin to reduce the attack surface. A targeted WAF rule is difficult to write without specific code patterns, so monitor web application firewall logs for unusual code execution attempts. After upgrading, verify the fix by attempting to inject a simple PHP payload through a relevant plugin parameter and confirming that it is not executed.
Update the Dynamic Pricing With Discount Rules for WooCommerce plugin to the latest available version to resolve the code injection vulnerability. Refer to the plugin page on WordPress.org for the latest version and update instructions.
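To confirm which sites still need the upgrade, the following added example (not code from the plugin or its vendor) reads the installed version from the plugin's header and compares it with the fixed release 4.5.10. It assumes the standard wp-content/plugins/<slug> layout; the function names and the sample fixture are hypothetical.

```python
import re
import tempfile
from pathlib import Path

SLUG = "aco-woo-dynamic-pricing"  # component name from this advisory
FIXED = (4, 5, 10)                # first patched release per this advisory

def parse_version(text):
    """'4.5.9' -> (4, 5, 9); numeric tuples avoid the string-compare trap
    where '4.5.10' sorts before '4.5.9'."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def installed_version(wp_root):
    """Return the Version header of the plugin's main file, or None.
    WordPress treats a top-level PHP file with a 'Plugin Name:' header
    as the main file, so the file name does not need to be known."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if re.search(r"^[ \t/*#@]*Plugin Name:", head, re.M | re.I):
            m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", head, re.M | re.I)
            return m.group(1) if m else None
    return None

def check(wp_root):
    """Classify one WordPress root: absent, unknown, vulnerable or patched."""
    if not (Path(wp_root) / "wp-content" / "plugins" / SLUG).is_dir():
        return "absent"
    version = parse_version(installed_version(wp_root) or "")
    if version is None:
        return "unknown"  # plugin present, version unreadable: inspect by hand
    return "vulnerable" if version < FIXED else "patched"

def make_sample_site(root, version):
    """Constructed test fixture: a minimal plugin header, not the real plugin."""
    d = Path(root) / "wp-content" / "plugins" / SLUG
    d.mkdir(parents=True)
    (d / "main.php").write_text(
        f"<?php\n/*\n * Plugin Name: Sample\n * Version: {version}\n */\n")
    return root

if __name__ == "__main__":
    for v in ("4.5.9", "4.5.10"):
        with tempfile.TemporaryDirectory() as tmp:
            print(v, check(make_sample_site(tmp, v)))
```

A result of "unknown" means the plugin directory exists but no readable version header was found, so that site should be checked manually rather than assumed safe.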
CVE-2025-47588 is a critical code injection vulnerability in the Dynamic Pricing With Discount Rules for WooCommerce plugin, allowing attackers to execute arbitrary code.
Yes, if you are using Dynamic Pricing With Discount Rules for WooCommerce versions 0.0.0 through 4.5.9, you are affected by this vulnerability.
Upgrade the Dynamic Pricing With Discount Rules for WooCommerce plugin to version 4.5.10 or later to resolve this vulnerability.
While no active exploitation campaigns have been confirmed, the critical severity suggests a high probability of exploitation.
Refer to the acowebs website or the WooCommerce plugin repository for the official advisory and update information.