5 matches found
CVE-2025-7852
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addnewcustomer' route in all versions up to, and including, 1.0.6. The plugin’s image‐upload handler calls moveuploadedfile on...
CVE-2025-7852
CVE-2025-7852 : The WPBookit WordPress plugin is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in image_upload_handle(), exploited via the add_new_customer route. Affected versions are up to and including 1.0.6. The upload handler uses move_uploaded_file...
CVE-2025-7852 WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addnewcustomer' route in all versions up to, and including, 1.0.6. The plugin’s image‐upload handler calls moveuploadedfile on...
CVE-2025-7852 WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addnewcustomer' route in all versions up to, and including, 1.0.6. The plugin’s image‐upload handler calls moveuploadedfile on...
WordPress WPBookit plugin <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function vulnerability
Unauthenticated Arbitrary File Upload via imageuploadhandle Function vulnerability discovered by theviper17y in WordPress Plugin WPBookit versions = 1.0.6...