Iqonic

Wpbookit

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-6057

  • EPSS 0.74%
  • Veröffentlicht 12.07.2025 04:22:22
  • Zuletzt bearbeitet 16.07.2025 14:57:56

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_image_upload() function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with ...

9.8

CVE-2025-6058

  • EPSS 21.71%
  • Veröffentlicht 12.07.2025 04:22:21
  • Zuletzt bearbeitet 16.07.2025 14:57:37

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_booking_type' route in all versions up to, and including, 1.0.4. This makes it pos...

9.8

CVE-2025-3811

  • EPSS 0.57%
  • Veröffentlicht 09.05.2025 01:42:35
  • Zuletzt bearbeitet 27.06.2025 17:39:22

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email t...

9.8

CVE-2025-3810

  • EPSS 0.57%
  • Veröffentlicht 09.05.2025 01:42:34
  • Zuletzt bearbeitet 27.06.2025 17:39:17

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like passwor...

5.3

CVE-2025-32254

  • EPSS 0.23%
  • Veröffentlicht 04.04.2025 16:15:34
  • Zuletzt bearbeitet 27.06.2025 17:39:06

Missing Authorization vulnerability in Iqonic Design WPBookit allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPBookit: from n/a through 1.0.1.

6.1

CVE-2025-26910

  • EPSS 0.05%
  • Veröffentlicht 10.03.2025 14:34:39
  • Zuletzt bearbeitet 27.06.2025 17:39:43

Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1.

9.8

CVE-2025-0357

  • EPSS 2.83%
  • Veröffentlicht 25.01.2025 02:15:26
  • Zuletzt bearbeitet 27.06.2025 17:38:07

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unaut...

9.8

CVE-2024-10215

  • EPSS 0.46%
  • Veröffentlicht 09.01.2025 20:15:34
  • Zuletzt bearbeitet 27.06.2025 17:37:52

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system re...

9.8

CVE-2024-54280

  • EPSS 0.31%
  • Veröffentlicht 16.12.2024 16:15:07
  • Zuletzt bearbeitet 27.06.2025 16:54:48

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit allows SQL Injection.This issue affects WPBookit: from n/a through 1.6.0.