Iqonic Wpbookit
9 CVEs affecting Iqonic Wpbookit. Latest disclosed: 2025-07-12. Critical: 6, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-6058 | Critical | 9.8 | 2025-07-12 | The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via… |
CVE-2025-3811 | Critical | 9.8 | 2025-05-09 | The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the pl… |
CVE-2025-3810 | Critical | 9.8 | 2025-05-09 | The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the pl… |
CVE-2025-0357 | Critical | 9.8 | 2025-01-25 | The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image… |
CVE-2024-10215 | Critical | 9.8 | 2025-01-09 | The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing… |
CVE-2024-54280 | Critical | 9.3 | 2024-12-16 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit wpbookit allows SQL Injection.This… |
CVE-2025-6057 | High | 8.8 | 2025-07-12 | The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_image_upload() function in all vers… |
CVE-2025-26910 | High | 7.1 | 2025-03-10 | Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit wpbookit allows Stored XSS.This issue affects WPBookit: from n/a through <= 1.0.1. |
CVE-2025-32254 | Medium | 5.3 | 2025-04-04 | Missing Authorization vulnerability in Iqonic Design WPBookit wpbookit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPBoo… |