exploitDog

CVE-2025-0357

Опубликовано: 25 янв. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Ссылки

https://documentation.iqonic.design/wpbookit/versions/change-log
Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/19bf7a68-e76d-4740-9f35-b6084094f59b?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iqonic:wpbookit:*:*:*:*:pro:wordpress:*:*

Версия до 1.6.10 (исключая)

EPSS

Процентиль: 78%

0.01115

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-j5r5-3qc9-3h7c

CVSS3: 9.8

github

около 1 года назад

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

EPSS

Процентиль: 78%

0.01115

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434