CVE-2025-7852: CWE-434 Unrestricted Upload of File with Dangerous Type in iqonicdesign WPBookit
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_new_customer' route in all versions up to, and including, 1.0.6. The plugin's image-upload handler calls move_uploaded_file() on client-supplied files without restricting allowed extensions or MIME types and without sanitizing the filename. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.
AI Analysis
Technical Summary
CVE-2025-7852 is a critical security vulnerability identified in the WPBookit plugin for WordPress, developed by iqonicdesign. The vulnerability stems from improper handling of file uploads in the image_upload_handle() function, which is triggered via the 'add_new_customer' route. Specifically, the plugin fails to validate the file type of uploaded files, neither restricting allowed extensions nor verifying MIME types, and does not sanitize filenames before saving. This lack of validation allows unauthenticated attackers to upload arbitrary files directly to the server hosting the WordPress site. Since the uploaded files can be of any type, including executable scripts, this can lead to remote code execution (RCE) on the affected server. The vulnerability affects all versions of WPBookit up to and including version 1.0.6. The CVSS v3.1 base score is 9.8, indicating a critical severity level. The attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and impacts confidentiality, integrity, and availability (C:H/I:H/A:H). Although no public exploits have been reported in the wild yet, the ease of exploitation and the potential impact make this vulnerability highly dangerous. The CWE-434 classification corresponds to 'Unrestricted Upload of File with Dangerous Type,' highlighting the core issue of insufficient file upload validation. This vulnerability can be exploited by attackers to upload malicious web shells or scripts, enabling full control over the compromised server, data theft, defacement, or pivoting to other internal systems.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those relying on WordPress sites with the WPBookit plugin installed. Successful exploitation can lead to complete compromise of the web server, exposing sensitive customer data and internal business information, and potentially allowing attackers to use the compromised server as a foothold for further attacks within the corporate network. Because the vulnerability requires neither authentication nor user interaction, attackers can exploit it remotely and at scale. This can result in data breaches that violate GDPR, leading to heavy fines and reputational damage. Additionally, compromised servers may be used to distribute malware or conduct phishing campaigns targeting European users. The plugin's use across various industries, including hospitality and booking services, increases the potential impact on sectors critical to the European economy. The absence of a patch at the time of disclosure further exacerbates the risk, necessitating immediate mitigation measures.
Mitigation Recommendations
1. Immediately remove or deactivate the WPBookit plugin until a patched version is released.
2. Add web application firewall (WAF) rules to detect and block suspicious file-upload attempts targeting the 'add_new_customer' route or the image_upload_handle() function.
3. Configure the web server to refuse to execute files stored in the plugin's upload directories (e.g., disable PHP execution in upload folders).
4. Monitor web server logs for unusual upload activity or access patterns indicative of exploitation attempts.
5. Audit existing uploads to identify and remove any potentially malicious files.
6. Apply the principle of least privilege to the web server process, limiting its ability to execute or write files outside designated directories.
7. Once available, promptly update WPBookit to a patched version that includes proper file type validation and filename sanitization.
8. Educate site administrators on the risks of installing unverified plugins and the importance of timely updates and security monitoring.
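As an added illustration (not WPBookit's code), the unsafe upload pattern the advisory describes next to a hardened handler that performs the extension, content-type and filename checks a patched version would need; the function names, `$upload_dir` and the image allowlist are assumptions.

```php
<?php
// Added example, not code from the WPBookit plugin.

// Unsafe pattern (CWE-434): the client-supplied file is written under the
// client-chosen name with no extension, MIME or filename checks, so a script
// can land in a web-served directory.
function unsafe_image_upload(array $file, string $upload_dir): string {
    $dest = $upload_dir . '/' . $file['name'];
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// Allowlist of accepted extensions and the content type each must sniff as.
const ALLOWED_IMAGE_TYPES = [
    'jpg'  => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png'  => 'image/png',  'gif'  => 'image/gif', 'webp' => 'image/webp',
];

// Hardened handler: returns the stored path, or null when the upload is rejected.
function safe_image_upload(array $file, string $upload_dir): ?string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Extension after the last dot, lower-cased. "shell.php.png" yields "png",
    // which is why the content check and server-generated name below matter.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGE_TYPES[$ext])) {
        return null;
    }
    // Sniff the real type from magic bytes, never trust $file['type'] sent by
    // the client, and require it to agree with the extension.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== ALLOWED_IMAGE_TYPES[$ext]) {
        return null;
    }
    // Confirm the payload actually parses as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        return null;
    }
    // Discard the client filename entirely: no traversal, no double extension.
    $dest = rtrim($upload_dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644);   // readable, never executable
    return $dest;
}
```

Even with these checks, the upload directory should also have script execution disabled at the web server level (mitigation 3), so a validation bypass does not become code execution.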
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-07-18T22:04:48.835Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6881b76dad5a09ad00306ad0
Added to database: 7/24/2025, 4:32:45 AM
Last enriched: 7/24/2025, 4:47:44 AM
Last updated: 8/18/2025, 1:22:23 AM