Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_image_upload() function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
AnalysisAI
WPBookit WordPress plugin versions up to 1.0.4 contain an arbitrary file upload vulnerability in the handle_image_upload() function due to missing file type validation, allowing authenticated attackers with Subscriber-level privileges to upload malicious files and potentially achieve remote code execution. This is a high-severity vulnerability (CVSS 8.8) affecting a plugin likely used by booking/appointment management websites, with low attack complexity and no user interaction required once authenticated.
Technical ContextAI
The vulnerability exists in the WPBookit plugin's image upload handler, which fails to properly validate file types before storage. This is a classic CWE-434 (Unrestricted Upload of File with Dangerous Type) vulnerability. The root cause is insufficient input validation in the handle_image_upload() function, which likely accepts file uploads without checking MIME types, file extensions, or content signatures. WordPress plugins with subscriber-level access can typically interact with upload directories. An attacker can bypass client-side or weak server-side validation to upload PHP, JSP, or other executable files. The affected component processes HTTP POST requests for image uploads without adequate security controls. CPE would be: cpe:2.3:a:wpbookit:wpbookit:*:*:*:*:*:wordpress:*:* (versions <= 1.0.4).
RemediationAI
Immediate Patch: Update WPBookit plugin to version 1.0.5 or later (when released) Workaround (if patch unavailable): Restrict file upload functionality and validate uploads Detection & Response: Identify compromised sites and clean malicious uploads
The WPBookit WordPress plugin (versions ≤1.0.4) contains a critical arbitrary file upload vulnerability in the image_upl
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in th
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-21200