Skip to main content

Wpbookit Pro

2 CVEs product

Monthly

CVE-2026-25414 HIGH This Week

WPBookit Pro contains an Incorrect Privilege Assignment vulnerability (CWE-266) that allows unauthenticated or low-privileged attackers to escalate their privileges within the WordPress plugin. All versions through 1.6.18 are affected, enabling attackers to gain unauthorized administrative or elevated capabilities. The vulnerability was reported by Patchstack and tracked under EUVD-2026-15721, though CVSS scoring data is currently unavailable.

Privilege Escalation Wpbookit Pro
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25413 CRITICAL Act Now

WPBookit Pro through version 1.6.18 contains an unrestricted file upload vulnerability (CWE-434) that allows attackers to upload malicious files to affected WordPress installations. This arbitrary file upload flaw enables remote code execution and complete site compromise without requiring authentication or special privileges. The vulnerability affects all versions of the iqonicdesign WPBookit Pro plugin up to and including 1.6.18, making it a critical risk for WordPress administrators using this booking plugin.

File Upload Wpbookit Pro
NVD VulDB
CVSS 3.1
9.9
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH This Week

WPBookit Pro contains an Incorrect Privilege Assignment vulnerability (CWE-266) that allows unauthenticated or low-privileged attackers to escalate their privileges within the WordPress plugin. All versions through 1.6.18 are affected, enabling attackers to gain unauthorized administrative or elevated capabilities. The vulnerability was reported by Patchstack and tracked under EUVD-2026-15721, though CVSS scoring data is currently unavailable.

Privilege Escalation Wpbookit Pro
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

WPBookit Pro through version 1.6.18 contains an unrestricted file upload vulnerability (CWE-434) that allows attackers to upload malicious files to affected WordPress installations. This arbitrary file upload flaw enables remote code execution and complete site compromise without requiring authentication or special privileges. The vulnerability affects all versions of the iqonicdesign WPBookit Pro plugin up to and including 1.6.18, making it a critical risk for WordPress administrators using this booking plugin.

File Upload Wpbookit Pro
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy