CVE-2025-6058

Published Jul 12, 2025

Last updated 8 months ago

Overview

Description
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_booking_type' route in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Source: security@wordfence.com
NVD status: Analyzed
Products: wpbookit

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security@wordfence.com: CWE-434

Social media

  1. 🚨 CVE-2025-6058 - critical 🚨 WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload > The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to miss... 👾 https://t.co/F7jbI5Rjsu @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    22 Jul 2025


  2. CVE-2025-6058 in the WPBookit plugin for WordPress allows unauthorized file uploads, which can lead to RCE. Important for website owners to act now! #säkerhet #cybersäkerhet #CVE

    @Sakerhetsblogg

    12 Jul 2025


  3. 🚨 WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload 📄 CVE-2025-6058 | CVSS: 9.8 (Critical) 🔗 Allows attackers to upload arbitrary files and gain RCE on vulnerable WordPress sites. PoC:https://t.co/nnloLc43vT #WordPress #CVE #Security #CyberSecurity

    @Nxploited

    12 Jul 2025


  4. CVE-2025-6058 Unauthenticated Arbitrary File Upload Vulnerability in WPBookit WordPress Plugin https://t.co/oCoLPIBtQD

    @VulmonFeeds

    12 Jul 2025


  5. CVE-2025-6058 The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_… https://t.co/Z7eHAUSJ4R

    @CVEnew

    12 Jul 2025


  6. [CVE-2025-6058: CRITICAL] WordPress plugin WPBookit has a security flaw letting attackers upload files on the server, leading to possible remote code execution. Update to version 1.0.5 to patch the vulnerability.#cve,CVE-2025-6058,#cybersecurity https://t.co/l11xle2ESL https://t.

    @CveFindCom

    12 Jul 2025


Configurations