Critical severity9.8NVD Advisory· Published Jul 12, 2025· Updated Jun 17, 2026
CVE-2025-6058
CVE-2025-6058
Description
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_booking_type' route in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.