Lucene search

8 matches found

CVE
added 2025/01/25 2:15 a.m., 53 views

CVE-2025-0357

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on...

CVSS 9.8 | AI score 8 | EPSS 0.0025

CVE
added 2025/03/10 3:15 p.m., 45 views

CVE-2025-26910

Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1.

CVSS 7.1 | AI score 7 | EPSS 0.00028

CVE
added 2025/04/04 4:15 p.m., 43 views

CVE-2025-32254

Missing Authorization vulnerability in Iqonic Design WPBookit allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPBookit: from n/a through 1.0.1.

CVSS 5.3 | AI score 5.3 | EPSS 0.00042

CVE
added 2025/05/09 3:15 a.m., 42 views

CVE-2025-3810

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the edit_profile_data() funct...

CVSS 9.8 | AI score 9.8 | EPSS 0.00109

CVE
added 2025/05/09 3:15 a.m., 42 views

CVE-2025-3811

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email through the edit_newdata_customer_callback() funct...

CVSS 9.8 | AI score 9.8 | EPSS 0.00109

CVE
added 2025/01/09 8:15 p.m., 39 views

CVE-2024-10215

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...

CVSS 9.8 | AI score 9.4 | EPSS 0.00266

CVE
added 2025/07/12 5:15 a.m., 13 views

CVE-2025-6058

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_booking_type' route in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arb...

CVSS 9.8 | AI score 7.7 | EPSS 0.00087

CVE
added 2025/07/12 5:15 a.m., 8 views

CVE-2025-6057

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_image_upload() function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbi...

CVSS 8.8 | AI score 7.3 | EPSS 0.00407