4 matches found
CVE-2025-6057
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handleimageupload function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-6057
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handleimageupload function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-6057
creationtimestamp| type| source ---|---|--- 2025-07-12 04:46:52+00:00| seen| https://bsky.app/profile/potato.software/post/3ltqkirzmiy24...
CVE-2025-6057 WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handleimageupload function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...