PT-2025-29293 · WordPress · Wpbookit

Youcef Hamdani · Published 2025-07-12 · Updated 2025-07-17 · CVE-2025-6057

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WPBookit versions up to and including 1.0.4
Description: The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_image_upload() function. This allows authenticated attackers with Subscriber-level access or higher to upload arbitrary files to the affected server, potentially leading to remote code execution.
Recommendations: Update WPBookit to a version later than 1.0.4.

Fix · RCE · Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2025-6057

Affected Products: Wpbookit