CVE-2025-32587
📋 TL;DR
This CVE describes a path traversal vulnerability in the WooCommerce Pickupp plugin that allows attackers to include arbitrary PHP files from the server. Attackers can potentially execute malicious code, read sensitive files, or compromise the WordPress site. All WordPress sites using WooCommerce Pickupp plugin versions up to 2.4.0 are affected.
💻 Affected Systems
- WooCommerce Pickupp WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise leading to data theft, ransomware deployment, or complete site takeover through remote code execution.
Likely Case
Sensitive file disclosure (configuration files, database credentials), limited code execution, or site defacement.
If Mitigated
Attack blocked at web application firewall level with no successful exploitation.
🎯 Exploit Status
Path traversal vulnerabilities are commonly exploited and weaponized quickly due to their simplicity.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.1 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'WooCommerce Pickupp' and update to version 2.4.1 or later. 4. Verify the update completed successfully.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily disable the WooCommerce Pickupp plugin until patched
wp plugin deactivate wc-pickupp
Web Application Firewall rule
allBlock path traversal patterns in request URLs
🧯 If You Can't Patch
- Implement strict file permission controls on web server directories
- Deploy web application firewall with path traversal detection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for WooCommerce Pickupp version 2.4.0 or earlierCheck Version:
wp plugin get wc-pickupp --field=versionVerify Fix Applied:
Verify plugin version is 2.4.1 or later in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in web server logs
- Requests containing '../' sequences or unusual file paths
Network Indicators:
- HTTP requests with path traversal sequences targeting plugin endpoints
SIEM Query:
web_access_logs WHERE url CONTAINS '../' AND url CONTAINS 'pickupp'