CVE-2025-47687: WordPress StoreKeeper for WooCommerce <= 14.4.4 - Arbitrary File Upload Vulnerability

10.0 CVSS

Description

Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4.

Classification

CVE ID: CVE-2025-47687

CVSS Base Severity: CRITICAL

CVSS Base Score: 10.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem Types

CWE-434 Unrestricted Upload of File with Dangerous Type

Affected Products

Vendor: StoreKeeper B.V.

Product: StoreKeeper for WooCommerce

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 17.61% (scored less or equal to compared to others)

EPSS Date: 2025-06-03 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-47687
https://patchstack.com/database/wordpress/plugin/storekeeper-for-woocommerce/vulnerability/wordpress-storekeeper-for-woocommerce-14-4-4-arbitrary-file-upload-vulnerability?_s_id=cve

Timeline

2025-05-23 13:40:12 UTC
CVE

WordPress StoreKeeper for WooCommerce <= 14.4.4 - Arbitrary File Upload Vulnerability