CVE-2025-4603
📋 TL;DR
The eMagicOne Store Manager for WooCommerce WordPress plugin has an arbitrary file deletion vulnerability in all versions up to 1.2.5. Unauthenticated attackers can delete any file on the server, potentially leading to remote code execution by deleting critical files like wp-config.php. This affects WordPress sites using the vulnerable plugin with default or compromised credentials.
💻 Affected Systems
- eMagicOne Store Manager for WooCommerce WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise via remote code execution, data loss, and site defacement by deleting wp-config.php or other critical files.
Likely Case
Site disruption and data loss from arbitrary file deletion, potentially leading to downtime and recovery costs.
If Mitigated
Limited impact if proper access controls and monitoring are in place, with only minor disruption possible.
🎯 Exploit Status
Public exploit code available on GitHub; exploitation requires knowledge of or access to plugin credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.6 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/store-manager-connector/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Store Manager for WooCommerce' and click 'Update Now'. 4. Verify version is 1.2.6 or higher.
🔧 Temporary Workarounds
Change Default Password
allChange the plugin's default password from '1:1' to a strong, unique password.
Navigate to plugin settings and update password field
Disable Plugin
allTemporarily disable the plugin until patched.
WordPress admin > Plugins > Store Manager for WooCommerce > Deactivate
🧯 If You Can't Patch
- Implement strict network access controls to limit plugin access to trusted IPs only.
- Enable file integrity monitoring to detect unauthorized file deletions.
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins > Installed Plugins. If version is 1.2.5 or lower, you are vulnerable.Check Version:
WordPress admin panel or check wp-content/plugins/store-manager-connector/readme.txtVerify Fix Applied:
After update, confirm plugin version is 1.2.6 or higher in the same location.📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion events in web server logs
- POST requests to plugin endpoints with file deletion parameters
Network Indicators:
- HTTP requests to /wp-content/plugins/store-manager-connector/ endpoints with delete_file parameters
SIEM Query:
source="web_server" AND (uri="*store-manager-connector*" AND method="POST" AND (param="delete_file" OR param="file_path"))🔗 References
- https://github.com/d0n601/CVE-2025-4603/
- https://plugins.trac.wordpress.org/browser/store-manager-connector/trunk/classes/class-emosmconnectorcommon.php#L2167
- https://plugins.trac.wordpress.org/browser/store-manager-connector/trunk/classes/class-emosmcwoocommerceoverrider.php#L380
- https://plugins.trac.wordpress.org/browser/store-manager-connector/trunk/smconnector.php#L35-36
- https://ryankozak.com/posts/cve-2025-4603/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/242ad00b-3602-4988-ab7a-76fba2e9d4cf?source=cve
