CVE-2025-6058: CWE-434 Unrestricted Upload of File with Dangerous Type in iqonicdesign WPBookit
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_booking_type' route in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.
AI Analysis
Technical Summary
CVE-2025-6058 is a critical vulnerability affecting the WPBookit plugin for WordPress, developed by iqonicdesign. The vulnerability arises from the plugin's image_upload_handle() function, which is hooked via the 'add_booking_type' route. This function lacks proper file type validation, allowing unauthenticated attackers to upload arbitrary files to the server hosting the affected WordPress site. Since the plugin does not restrict the types of files that can be uploaded, attackers can potentially upload malicious scripts or executable files. This can lead to remote code execution (RCE), enabling attackers to execute arbitrary code on the server, compromise the website, steal data, or pivot to other internal systems. The vulnerability affects all versions up to and including 1.0.4 of WPBookit. The CVSS v3.1 base score is 9.8, indicating a critical severity with network attack vector, no privileges required, no user interaction needed, and high impact on confidentiality, integrity, and availability. No patches or fixes have been published yet, and no known exploits are reported in the wild at this time. However, the ease of exploitation and the critical impact make this a high-risk vulnerability for WordPress sites using this plugin.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for businesses relying on WordPress for their online presence and using the WPBookit plugin for booking or scheduling functionalities. Successful exploitation could lead to full server compromise, data breaches involving personal or financial information, defacement of websites, or disruption of online services. This can result in reputational damage, regulatory penalties under GDPR for data breaches, and operational downtime. Organizations in sectors such as hospitality, travel, event management, and service industries that use WPBookit for booking management are particularly at risk. Additionally, compromised servers could be used as a foothold for further attacks within the organization's network or as part of botnets, amplifying the threat landscape.
Mitigation Recommendations
Immediate mitigation steps include disabling or uninstalling the WPBookit plugin until a security patch is released. Organizations should monitor their WordPress installations for any suspicious file uploads or unexpected changes in the plugin's directories. Implementing a Web Application Firewall (WAF) with rules to block unauthorized file uploads can provide temporary protection. Restricting file upload permissions at the server level and enforcing strict file type validation through custom code or security plugins can reduce risk. Regularly auditing WordPress plugins for updates and vulnerabilities is critical. Once a patch becomes available, prompt application of the update is essential. Additionally, organizations should ensure that backups are current and tested to enable recovery in case of compromise. Monitoring logs for unusual activity related to the 'add_booking_type' route can help detect exploitation attempts early.
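A defender-side audit of the kind the mitigation paragraph describes (checking the uploads tree for files that a type-unchecked upload handler could have let through), added here as an example; it is not code from the advisory or from the WPBookit plugin. The extension list, magic-byte table, detection rules and sample paths are assumptions, and the sample files are constructed in a temporary directory.

```python
import os
import tempfile
from pathlib import Path

# Extensions a typical web server executes or that change how it serves files.
EXECUTABLE_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml",
                   ".phar", ".phps", ".shtml", ".htaccess"}
# Magic bytes a file with this image extension must start with.
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
PHP_MARKERS = (b"<?php", b"<?=")


def audit_file(path: Path) -> list[str]:
    """Return the findings for one file; an empty list means it looks clean."""
    findings = []
    # Check every suffix plus the bare name, so 'x.php.jpg' and '.htaccess' are caught.
    names = {s.lower() for s in path.suffixes} | {path.name.lower()}
    if names & EXECUTABLE_EXTS:
        findings.append("executable extension")
    data = path.read_bytes()
    ext = path.suffix.lower()
    if ext in IMAGE_MAGIC and not data.startswith(IMAGE_MAGIC[ext]):
        findings.append("content does not match image extension")
    if any(marker in data for marker in PHP_MARKERS):
        findings.append("embedded PHP open tag")
    return findings


def audit_tree(root: Path) -> dict[str, list[str]]:
    """Map each suspicious file (path relative to root) to its findings."""
    report = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            hits = audit_file(path)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report


def demo() -> dict[str, list[str]]:
    """Constructed sample uploads tree: one clean image and three bad uploads."""
    root = Path(tempfile.mkdtemp())
    (root / "2025/07").mkdir(parents=True)
    (root / "2025/07/logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    (root / "2025/07/avatar.jpg").write_bytes(b"<?php echo 1; ?>")   # script in .jpg
    (root / "2025/07/photo.php.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 8)
    (root / "2025/07/.htaccess").write_bytes(b"# constructed sample\n")
    return audit_tree(root)
```

Run `audit_tree(Path("wp-content/uploads"))` against a real site to get the same report for actual uploads; `demo()` only exercises the rules on the constructed files.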
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-06-13T12:58:43.616Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6871e88ea83201eaacb2c94c
Added to database: 7/12/2025, 4:46:06 AM
Last enriched: 7/12/2025, 5:01:16 AM
Last updated: 7/12/2025, 8:14:28 AM