6 matches found
CVE-2026-1945
The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpbusername' and 'wpbuseremail' parameters in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Exploit for Unrestricted Upload of File with Dangerous Type in Iqonic Wpbookit
⚡ WPBookit = 1.0.4 - Unauthenticated Arbitrary File Upload -...
CVE-2025-6058 WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addbookingtype' route in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitra...
PT-2025-15010 · Wpbookit · Wpbookit
Name of the Vulnerable Software and Affected Versions: WPBookit versions 1.0.1 and earlier. Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For WPBookit versions 1.0.1 and earlier, a...
CVE-2025-26910
CVE-2025-26910: WordPress WPBookit <= 1.0.1 contains a CSRF vulnerability that enables stored XSS. Affected software: WPBookit plugin (WPBookit <= 1.0.1). Remediation: patch status shows mitigation/patch applied (patched for WPBookit
PT-2024-36162 · Iqonic Design · Wpbookit
Name of the Vulnerable Software and Affected Versions: Iqonic Design WPBookit versions 1.6.0 and earlier. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...