
51 matches found

Patchstack
added 2026/03/05 8:36 a.m. | 7 views

WordPress WPBookit plugin <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters vulnerability

Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin WPBookit versions <= 1.0.8...

7.2 CVSS | 5.9 AI score | 0.00318 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/03/04 1:21 a.m. | 29 views

CVE-2026-1980 WPBookit <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure

The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'getcustomerlist' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information includin...

5.3 CVSS | 0.00375 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/04 1:21 a.m. | 3 views

CVE-2026-1980

The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'getcustomerlist' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information includin...

5.3 CVSS | 5.9 AI score | 0.00375 EPSS
Exploits: 0 | References: 5
CVE
added 2026/03/04 1:21 a.m. | 10 views

CVE-2026-1945

The CVE-2026-1945 entry concerns the WPBookit WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability affects the plugin via the wpb_user_name and wpb_user_email parameters in all versions up to and including 1.0.8, caused by insufficient input sanitization and output escaping. Exploi...

7.2 CVSS | 6 AI score | 0.00318 EPSS
Exploits: 0 | References: 4
NVD
added 2026/01/02 6:15 a.m. | 1 views

CVE-2025-12685

The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack...

6.5 CVSS | 0.00136 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/01/02 6:0 a.m. | 24 views

CVE-2025-12685 WPBookit <= 1.0.7 - Customer Deletion via CSRF

The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack...

0.00136 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/02 6:0 a.m. | 3 views

CVE-2025-12685 WPBookit <= 1.0.7 - Customer Deletion via CSRF

The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack...

6.4 AI score | 0.00136 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/22 8:35 a.m. | 7 views

CVE-2025-12135

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csscode' parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the savecustomecode function. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2 CVSS | 4.7 AI score | 0.0025 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/11/21 9:30 a.m. | 2 views

EUVD-2025-198406

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csscode' parameter in all versions up to, and including, 1.0.6 due to a missing capability check on the savecustomecode function. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2 CVSS | 4.3 AI score | 0.0025 EPSS
Exploits: 0 | References: 9
Positive Technologies
added 2025/11/21 12:0 a.m. | 4 views

PT-2025-47691

Name of the Vulnerable Software and Affected Versions: WPBookit versions up to and including 1.0.6. Description: The WPBookit plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to a missing capability check on the save custome code function, allowing unauthenticated...

7.2 CVSS | 5.5 AI score | 0.0025 EPSS
Exploits: 0 | References: 11
CNNVD
added 2025/11/21 12:0 a.m. | 2 views

WordPress plugin WPBookit cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...

7.2 CVSS | 5.7 AI score | 0.0025 EPSS
Exploits: 0 | References: 8
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-1626

Malicious code in bioql PyPI...

9.8 CVSS | 9.2 AI score | 0.00989 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-21200

Malicious code in bioql PyPI...

8.8 CVSS | 6.4 AI score | 0.00642 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2025/07/26 4:31 a.m. | 9 views

CVE-2025-7852

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle function hooked via the 'add_new_customer' route in all versions up to, and including, 1.0.6. The plugin’s image‐upload handler calls move_uploaded_file on...

9.8 CVSS | 7.6 AI score | 0.01156 EPSS
Exploits: 1 | References: 1
NVD
added 2025/07/24 7:15 a.m. | 4 views

CVE-2025-7852

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle function hooked via the 'add_new_customer' route in all versions up to, and including, 1.0.6. The plugin’s image‐upload handler calls move_uploaded_file on...

9.8 CVSS | 0.01156 EPSS
Exploits: 1 | References: 4
CVE
added 2025/07/24 4:24 a.m. | 26 views

CVE-2025-7852

CVE-2025-7852: The WPBookit WordPress plugin is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in image_upload_handle(), exploited via the add_new_customer route. Affected versions are up to and including 1.0.6. The upload handler uses move_uploaded_file...

9.8 CVSS | 7.5 AI score | 0.01156 EPSS
Exploits: 1 | References: 4
Cvelist
added 2025/07/24 4:24 a.m. | 11 views

CVE-2025-7852 WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle function hooked via the 'add_new_customer' route in all versions up to, and including, 1.0.6. The plugin’s image‐upload handler calls move_uploaded_file on...

9.8 CVSS | 0.01156 EPSS
Exploits: 1 | References: 4
Vulnrichment
added 2025/07/24 4:24 a.m. | 5 views

CVE-2025-7852 WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle function hooked via the 'add_new_customer' route in all versions up to, and including, 1.0.6. The plugin’s image‐upload handler calls move_uploaded_file on...

9.8 CVSS | 7.6 AI score | 0.01156 EPSS
Exploits: 1 | References: 4
RedhatCVE
added 2025/07/14 5:18 a.m. | 4 views

CVE-2025-6057

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handleimageupload function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...

8.8 CVSS | 7.3 AI score | 0.00642 EPSS
Exploits: 0 | References: 1
NVD
added 2025/07/12 5:15 a.m. | 12 views

CVE-2025-6058

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle function hooked via the 'addbookingtype' route in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitra...

9.8 CVSS | 0.05649 EPSS
Exploits: 2 | References: 3