Iqonic Wpbookit

9 CVEs affecting Iqonic Wpbookit. Latest disclosed: 2025-07-12. Critical: 6, High: 2.

Top CVEs affecting Iqonic Wpbookit
CVESeverityScorePublishedSummary
CVE-2025-6058Critical9.82025-07-12The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via…
CVE-2025-3811Critical9.82025-05-09The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the pl…
CVE-2025-3810Critical9.82025-05-09The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the pl…
CVE-2025-0357Critical9.82025-01-25The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image…
CVE-2024-10215Critical9.82025-01-09The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing…
CVE-2024-54280Critical9.32024-12-16Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit wpbookit allows SQL Injection.This…
CVE-2025-6057High8.82025-07-12The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_image_upload() function in all vers…
CVE-2025-26910High7.12025-03-10Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit wpbookit allows Stored XSS.This issue affects WPBookit: from n/a through <= 1.0.1.
CVE-2025-32254Medium5.32025-04-04Missing Authorization vulnerability in Iqonic Design WPBookit wpbookit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPBoo…