Skip to main content

Wpbookit

6 CVEs product

Monthly

CVE-2025-6058 CRITICAL POC PATCH THREAT Act Now

The WPBookit WordPress plugin (versions ≤1.0.4) contains a critical arbitrary file upload vulnerability in the image_upload_handle() function due to missing file type validation, allowing unauthenticated attackers to upload malicious files and potentially achieve remote code execution. With a CVSS score of 9.8, network-accessible attack vector, and no authentication requirement, this vulnerability poses an immediate and severe threat to any WordPress installation using the affected plugin.

WordPress RCE Wpbookit PHP
NVD
CVSS 3.1
9.8
EPSS
21.7%
Threat
4.1
CVE-2025-6057 HIGH PATCH This Week

WPBookit WordPress plugin versions up to 1.0.4 contain an arbitrary file upload vulnerability in the handle_image_upload() function due to missing file type validation, allowing authenticated attackers with Subscriber-level privileges to upload malicious files and potentially achieve remote code execution. This is a high-severity vulnerability (CVSS 8.8) affecting a plugin likely used by booking/appointment management websites, with low attack complexity and no user interaction required once authenticated.

WordPress RCE Wpbookit PHP
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-3811 CRITICAL PATCH Act Now

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Privilege Escalation Wpbookit PHP
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-3810 CRITICAL PATCH Act Now

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Privilege Escalation Wpbookit PHP
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-0357 CRITICAL This Week

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload WordPress Wpbookit PHP
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-10215 CRITICAL This Week

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wpbookit
NVD
CVSS 3.1
9.8
EPSS
0.3%
EPSS 22% 4.1 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The WPBookit WordPress plugin (versions ≤1.0.4) contains a critical arbitrary file upload vulnerability in the image_upload_handle() function due to missing file type validation, allowing unauthenticated attackers to upload malicious files and potentially achieve remote code execution. With a CVSS score of 9.8, network-accessible attack vector, and no authentication requirement, this vulnerability poses an immediate and severe threat to any WordPress installation using the affected plugin.

WordPress RCE Wpbookit +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

WPBookit WordPress plugin versions up to 1.0.4 contain an arbitrary file upload vulnerability in the handle_image_upload() function due to missing file type validation, allowing authenticated attackers with Subscriber-level privileges to upload malicious files and potentially achieve remote code execution. This is a high-severity vulnerability (CVSS 8.8) affecting a plugin likely used by booking/appointment management websites, with low attack complexity and no user interaction required once authenticated.

WordPress RCE Wpbookit +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Privilege Escalation +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Privilege Escalation +2
NVD
EPSS 1% CVSS 9.8
CRITICAL This Week

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload WordPress +2
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wpbookit
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy