CVE-2025-7852 is a critical security vulnerability identified in the WPBookit plugin for WordPress, developed by iqonicdesign. The vulnerability stems from improper handling of file uploads in the image_upload_handle() function, which is triggered via the 'add_new_customer' route. Specifically, the plugin fails to validate the file type of uploaded files, neither restricting allowed extensions nor verifying MIME types, and does not sanitize filenames before saving. This lack of validation allows unauthenticated attackers to upload arbitrary files directly to the server hosting the WordPress site. Since the uploaded files can be of any type, including executable scripts, this can lead to remote code execution (RCE) on the affected server. The vulnerability affects all versions of WPBookit up to and including version 1.0.6. The CVSS v3.1 base score is 9.8, indicating a critical severity level. The attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and impacts confidentiality, integrity, and availability (C:H/I:H/A:H). Although no public exploits have been reported in the wild yet, the ease of exploitation and the potential impact make this vulnerability highly dangerous. The CWE-434 classification corresponds to 'Unrestricted Upload of File with Dangerous Type,' highlighting the core issue of insufficient file upload validation. This vulnerability can be exploited by attackers to upload malicious web shells or scripts, enabling full control over the compromised server, data theft, defacement, or pivoting to other internal systems.

For European organizations, this vulnerability poses a significant risk, especially for those relying on WordPress sites with the WPBookit plugin installed. Successful exploitation can lead to complete compromise of the web server, exposing sensitive customer data, internal business information, and potentially allowing attackers to use the compromised server as a foothold for further attacks within the corporate network. Given the critical nature of the vulnerability and the fact that it requires no authentication or user interaction, attackers can remotely exploit it at scale. This can result in data breaches violating GDPR regulations, leading to heavy fines and reputational damage. Additionally, compromised servers may be used to distribute malware or conduct phishing campaigns targeting European users. The availability of the affected plugin across various industries, including hospitality and booking services, increases the potential impact on sectors critical to the European economy. The absence of a patch at the time of disclosure further exacerbates the risk, necessitating immediate mitigation measures.

1. Immediate removal or deactivation of the WPBookit plugin until a secure patched version is released. 2. Implement strict web application firewall (WAF) rules to detect and block suspicious file upload attempts targeting the 'add_new_customer' route or the image_upload_handle() function. 3. Employ server-side file upload restrictions by configuring the web server to disallow execution of uploaded files in the plugin's upload directories (e.g., disabling PHP execution in upload folders). 4. Monitor web server logs for unusual upload activity or access patterns indicative of exploitation attempts. 5. Conduct a thorough audit of existing uploads to identify and remove any potentially malicious files. 6. Apply principle of least privilege to the web server process, limiting its ability to execute or write files outside designated safe directories. 7. Once available, promptly update the WPBookit plugin to a patched version that includes proper file type validation and filename sanitization. 8. Educate site administrators on the risks of installing unverified plugins and the importance of timely updates and security monitoring.