Platform: wordpress
Component: aco-woo-dynamic-pricing
Fixed in: 4.5.10
CVE-2025-47588 is a critical code injection vulnerability affecting the Dynamic Pricing With Discount Rules for WooCommerce plugin. This flaw allows attackers to inject and execute arbitrary code on vulnerable systems, potentially leading to complete website takeover. The vulnerability impacts versions 0.0.0 through 4.5.9, and a patch is available in version 4.5.10.
The code injection vulnerability in Dynamic Pricing With Discount Rules for WooCommerce presents a severe risk to WordPress sites utilizing this plugin. An attacker could exploit this flaw to execute malicious code directly on the server, gaining unauthorized access to sensitive data, modifying website content, or even installing malware. The potential impact extends beyond data theft to include defacement of the website, denial of service, and the use of the compromised site for further attacks. This vulnerability is particularly concerning due to the plugin's functionality, which often handles pricing and discount logic, potentially exposing financial data and customer information.
CVE-2025-47588 has been publicly disclosed. While no active exploitation campaigns have been confirmed at the time of writing, the critical severity and ease of exploitation suggest a high probability of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread attacks.
WordPress sites utilizing the Dynamic Pricing With Discount Rules for WooCommerce plugin, particularly those running versions 0.0.0 through 4.5.9, are at significant risk. Shared hosting environments where plugin updates are not managed by the site owner are especially vulnerable, as are sites with weak security configurations or outdated WordPress installations.
• wordpress / composer / npm:
grep -r 'system(' /var/www/html/wp-content/plugins/aco-woo-dynamic-pricing/
• wordpress / composer / npm:
wp plugin list --status=inactive | grep aco-woo-dynamic-pricing
• wordpress / composer / npm:
wp plugin list --status=active | grep aco-woo-dynamic-pricing
Exploit status
EPSS: 0.09% (26th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-47588 is to immediately upgrade the Dynamic Pricing With Discount Rules for WooCommerce plugin to version 4.5.10 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin to reduce the attack surface. While a direct WAF rule is difficult to implement without specific code patterns, monitor web application firewalls for unusual code execution attempts. After upgrading, verify the fix by attempting to inject a simple PHP payload through a relevant plugin parameter and confirming that it is not executed.
To fix the code injection vulnerability, update the Dynamic Pricing With Discount Rules for WooCommerce plugin to the latest available version. See the plugin page on WordPress.org for the latest version and update instructions.
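The upgrade advice above depends on knowing which installed copies are still below 4.5.10. The script below is an added example, not code from the plugin vendor or this advisory: it reads the plugin's `Version:` header on disk and classifies each WordPress root. It assumes the standard `wp-content/plugins/<slug>/` layout and a main file carrying the usual WordPress plugin header; the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: report whether a WordPress tree carries an affected copy of
# aco-woo-dynamic-pricing (per the page: affected through 4.5.9, fixed in 4.5.10).
FIXED_VERSION="4.5.10"
PLUGIN_SLUG="aco-woo-dynamic-pricing"

# version_lt A B: succeed when dotted version A is strictly lower than B.
# Fields are compared numerically, so 4.5.9 < 4.5.10 (a string compare gets this wrong).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    max = (n > m) ? n : m
    for (i = 1; i <= max; i++) {
      xi = (i <= n) ? x[i] + 0 : 0; yi = (i <= m) ? y[i] + 0 : 0
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 1
  }'
}

# plugin_version WP_ROOT: print the Version header of the plugin's main file.
# The main file is located by its "Plugin Name:" header, not by an assumed filename.
plugin_version() {
  local dir f
  dir="$1/wp-content/plugins/$PLUGIN_SLUG"
  [ -d "$dir" ] || return 1
  for f in "$dir"/*.php; do
    [ -f "$f" ] || continue
    grep -qi 'Plugin Name:' "$f" || continue
    sed -n 's|^[[:space:]/*#@]*Version:[[:space:]]*\([0-9][0-9.]*\).*|\1|p' "$f" | head -n 1
    return 0
  done
  return 1
}

# check_site WP_ROOT: print "absent" (no plugin directory or no main file),
# "unknown" (no Version header), "vulnerable <v>" or "patched <v>".
check_site() {
  local v
  v="$(plugin_version "$1")" || { echo "absent"; return 0; }
  [ -n "$v" ] || { echo "unknown"; return 0; }
  if version_lt "$v" "$FIXED_VERSION"; then echo "vulnerable $v"; else echo "patched $v"; fi
}

# Usage: ./check.sh /var/www/html [more WordPress roots...]
for root in "$@"; do printf '%s: %s\n' "$root" "$(check_site "$root")"; done
```

Because it reads files rather than calling `wp plugin list`, the check also covers inactive copies and hosts without WP-CLI.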
CVE-2025-47588 is a critical code injection vulnerability in the Dynamic Pricing With Discount Rules for WooCommerce plugin, allowing attackers to execute arbitrary code.
Yes, if you are using Dynamic Pricing With Discount Rules for WooCommerce versions 0.0.0 through 4.5.9, you are affected by this vulnerability.
Upgrade the Dynamic Pricing With Discount Rules for WooCommerce plugin to version 4.5.10 or later to resolve this vulnerability.
While no active exploitation campaigns have been confirmed, the critical severity suggests a high probability of exploitation.
Refer to the acowebs website or the WooCommerce plugin repository for the official advisory and update information.