CVE-2025-0357

Critical CVSS: 9.8

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Vendor

Iqonic

Product

Wpbookit

CWE

CWE-434

Yayın Tarihi

2025-01-25 02:15:26

Güncelleme

2025-06-27 17:38:07

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-434 Wpbookit CRITICAL Iqonic 2025

Referanslar

https://documentation.iqonic.design/wpbookit/versions/change-log https://www.wordfence.com/threat-intel/vulnerabilities/id/19bf7a68-e76d-4740-9f35-b6084094f59b?source=cve

Benzer Kayıtlar

Critical

CVE-2025-6058

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ima…

High

CVE-2025-6057

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the han…

Critical

CVE-2025-3810

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and…

Critical

CVE-2025-3811

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and…

Medium

CVE-2025-32254

Missing Authorization vulnerability in Iqonic Design WPBookit wpbookit allows Accessing Functionality Not Properly Const…

Medium

CVE-2025-26910

Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit wpbookit allows Stored XSS.This issue affects…