CVE-2025-4564
📋 TL;DR
The TicketBAI Facturas para WooCommerce WordPress plugin, in all versions up to and including 3.18, contains an arbitrary file deletion vulnerability: the file path handed to the plugin's 'delpdf' action is not sufficiently validated and the action can be reached without authentication, so an unauthenticated attacker can delete any file the web server process is allowed to remove. Deleting wp-config.php drops the site into the WordPress installation wizard, which an attacker can complete against a database they control to obtain an administrator account and, from there, remote code execution.
💻 Affected Systems
- TicketBAI Facturas para WooCommerce WordPress plugin
⚠️ Manual Verification Recommended
Automated scanners that rely on NVD version ranges may not flag this plugin if that data is missing from their feed, so confirm the installed version yourself: 3.18 and earlier are vulnerable, 3.19 and later contain the fix.
- Review the CVE details at NVD
- Check the plugin changelog for the version you run
- Confirm the installed version (see How to Verify below)
- Update to 3.19 or later
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise via remote code execution, data loss, and potential server takeover by deleting critical system files.
Likely Case
Website defacement, data loss, and service disruption from deletion of WordPress core files or configuration.
If Mitigated
Limited impact only if the plugin is deactivated or removed, or a WAF blocks the request before it reaches the plugin. File permissions rarely help here: on most WordPress hosts the PHP process owns the plugin and core files, so it can delete them regardless of the mode bits.
🎯 Exploit Status
Exploitation is trivial: a single unauthenticated HTTP request to the vulnerable 'delpdf' action with a crafted file path deletes the target file. No credentials, user interaction or special tooling are required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.19 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3292061/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'TicketBAI Facturas para WooCommerce'.
4. Click 'Update Now' if available, or download version 3.19 or later from the WordPress plugin repository.
5. Activate the updated plugin and confirm the version shown is 3.19 or higher.
🔧 Temporary Workarounds
Disable the vulnerable plugin
Temporarily deactivate the TicketBAI plugin until it is patched (WP-CLI, run from the site root):
wp plugin deactivate wp-ticketbai
Web server / WAF rule (Apache)
Block requests to the plugin that carry the 'delpdf' action. LocationMatch tests only the URL path, so the rule below catches 'delpdf' only when it appears in the path; if the action is passed as a query-string or POST parameter, use a mod_rewrite rule that tests %{QUERY_STRING} or a WAF that inspects request parameters. Verify that legitimate plugin functionality still works before relying on this.
<LocationMatch "^/wp-content/plugins/wp-ticketbai/.*delpdf">
    Require all denied
</LocationMatch>
On Apache 2.2 (or 2.4 with mod_access_compat) use "Deny from all" instead of "Require all denied".
🧯 If You Can't Patch
- Remove the plugin entirely and use alternative invoicing solutions.
- Run PHP under a user that does not own the WordPress files (core and plugin files 644, directories 755, owned by a deploy user rather than the web server user) so that the plugin's delete call fails; mode bits alone do not help while the PHP process owns the files. Disabling PHP execution in wp-content/uploads is good hygiene but does not stop this deletion.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → TicketBAI Facturas para WooCommerce version. If version is 3.18 or lower, system is vulnerable.
Check Version:
wp plugin get wp-ticketbai --field=version
Verify Fix Applied:
Confirm plugin version is 3.19 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to paths under /wp-content/plugins/wp-ticketbai/ whose path, query string or POST body contains 'delpdf', especially together with '../' sequences (possibly URL-encoded, e.g. %2e%2e%2f) or names such as wp-config.php
- Unexpected redirects to, or hits on, /wp-admin/setup-config.php or /wp-admin/install.php shortly after such a request (WordPress shows the installer once wp-config.php is gone), and HTTP 500s or PHP fatal errors from previously working pages
Network Indicators:
- POST/GET requests to the plugin's endpoints carrying file-deletion parameters; note that plain access logs do not record POST bodies, so a parameter-level indicator needs a WAF or request-body logging source
SIEM Query (pseudo-syntax; the uri match must be a prefix/wildcard, not an exact match, or requests to files inside the plugin directory are missed):
source="web_logs" AND uri="/wp-content/plugins/wp-ticketbai/*" AND (query="*delpdf*" OR post_data="*delpdf*")
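The detection logic above, run over sample access-log lines, as an added example that is not part of the original page or of the plugin vendor's tooling. It assumes the Apache combined log format, the plugin path /wp-content/plugins/wp-ticketbai/, and a hypothetical entry script and parameter names (index.php, action=delpdf, file=...); the plugin's real request shape may differ. The log lines are constructed for the example. It decodes URL-encoding before looking for traversal, and escalates a hit on the WordPress installer to high severity when the same client previously sent a 'delpdf' request, which is the wp-config.php deletion chain described in the TL;DR.

```python
"""Scan web access logs for CVE-2025-4564 exploitation indicators (added example)."""
import re
from urllib.parse import urlsplit, unquote

PLUGIN_PATH = "/wp-content/plugins/wp-ticketbai/"
# WordPress sends visitors to the installer once wp-config.php is missing.
SETUP_PATHS = ("/wp-admin/setup-config.php", "/wp-admin/install.php")

# Apache combined log format: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# '../' (either slash), or a direct reference to sensitive WordPress files
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|/wp-config\.php|/\.htaccess)")

# Constructed sample lines (not real traffic). Entry script and parameter
# names are assumptions for the example.
SAMPLE_LOG = """\
203.0.113.10 - - [12/May/2025:10:01:02 +0000] "GET /wp-content/plugins/wp-ticketbai/index.php?action=delpdf&file=../../../../wp-config.php HTTP/1.1" 200 12 "-" "curl/8.1"
203.0.113.10 - - [12/May/2025:10:01:05 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4521 "-" "curl/8.1"
198.51.100.7 - - [12/May/2025:10:02:00 +0000] "GET /wp-content/plugins/wp-ticketbai/assets/style.css HTTP/1.1" 200 880 "-" "Mozilla/5.0"
198.51.100.7 - - [12/May/2025:10:02:30 +0000] "POST /wp-content/plugins/wp-ticketbai/index.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.0.2.5 - - [12/May/2025:10:03:00 +0000] "GET /wp-content/plugins/wp-ticketbai/index.php?action=delpdf&file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 12 "-" "python-requests/2.31"
"""


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    entry["query"] = parts.query
    # Decode twice so double-encoded traversal (%252e%252e%252f) is caught too.
    entry["decoded"] = unquote(unquote(entry["target"]))
    return entry


def classify(entry):
    """Tag a parsed request with the indicators it matches."""
    tags = []
    decoded = entry["decoded"].lower()
    in_plugin = entry["path"].lower().startswith(PLUGIN_PATH)
    if in_plugin and "delpdf" in decoded:
        tags.append("delpdf_request")
        if TRAVERSAL_RE.search(decoded):
            tags.append("path_traversal")
    elif in_plugin and entry["method"] == "POST" and entry["path"].endswith(".php"):
        # Access logs do not carry POST bodies, so this is only a review hint.
        tags.append("plugin_post_review")
    if entry["path"] in SETUP_PATHS:
        tags.append("setup_wizard_hit")
    return tags


def scan(log_text):
    """Return a list of findings, each with ip, ts, method, target, tags, severity."""
    findings = []
    seen_delpdf = set()  # clients that already sent a delpdf request
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry:
            continue
        tags = classify(entry)
        if not tags:
            continue
        if "path_traversal" in tags:
            severity = "high"
        elif "delpdf_request" in tags:
            severity = "medium"
        elif "setup_wizard_hit" in tags and entry["ip"] in seen_delpdf:
            # Installer reached after a delpdf from the same client: the
            # wp-config.php deletion chain, not a stray crawler hit.
            severity = "high"
            tags.append("post_delete_chain")
        else:
            severity = "low"
        if "delpdf_request" in tags:
            seen_delpdf.add(entry["ip"])
        findings.append({
            "ip": entry["ip"], "ts": entry["ts"], "method": entry["method"],
            "target": entry["target"], "tags": tags, "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["severity"].upper(), f["ip"], f["method"], f["target"], ",".join(f["tags"]))
```

Feed a real log with `scan(open("access.log").read())`; the static asset and the body-less POST show how the detector separates noise (no tags, or a low-severity review hint) from the two high-severity deletion attempts and the follow-on installer hit.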