Unrestricted File Upload Vulnerability in StoreKeeper for WooCommerce by StoreKeeper B.V.
CVE-2025-48148
10 CRITICAL
What is CVE-2025-48148?
The StoreKeeper for WooCommerce plugin developed by StoreKeeper B.V. is susceptible to an unrestricted file upload vulnerability that enables attackers to upload and execute malicious files. The plugin allows unauthorized file types to be uploaded, which compromises the security of WooCommerce stores. Users of versions up to and including 14.4.4 should take immediate action to secure their installations against potential exploitation, as failure to address this issue could lead to severe consequences for store operations and customer data.
Affected Version(s)
StoreKeeper for WooCommerce: 0 through 14.4.4 (inclusive)
EPSS Score
14% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
theviper17 (Patchstack Alliance)