This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: WPBookit plugin has a critical **Arbitrary File Upload** flaw.β¦
π οΈ **Root Cause**: Missing **file type validation** in the `image_upload_handle()` function. <br>π **CWE**: CWE-434 (Arbitrary Upload of File with Dangerous Type).β¦
π― **Affected**: WordPress Plugin **WPBookit**. <br>π **Versions**: **1.0.4 and earlier**. <br>π’ **Vendor**: iqonicdesign. If you use this booking plugin, you are at risk!
Q4What can hackers do? (Privileges/Data)
βοΈ **Attacker Actions**: <br>1. Upload **any file** (PHP, JSP, etc.). <br>2. Execute code on the server. <br>3. Steal sensitive data or pivot to other systems.β¦
π **Threshold**: **LOW**. <br>π **Auth**: **Unauthenticated** (No login required). <br>βοΈ **Config**: Exploitable via the `add_booking_type` route. Easy to trigger for any visitor.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π **Exploits**: **YES**, multiple public PoCs exist. <br>π GitHub repos (Nxploited, 0xgh057r3c0n, zr1p3r) and Nuclei templates are available. Wild exploitation is highly likely.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: <br>1. Scan for WPBookit version β€ 1.0.4. <br>2. Use Nuclei template `CVE-2025-6058.yaml`. <br>3. Check if `image_upload_handle` endpoint exists without auth checks.
Q8Is it fixed officially? (Patch/Mitigation)
π‘οΈ **Fix**: Update WPBookit to a version **> 1.0.4**. <br>π **Reference**: Check WordPress Trac for the patch commit. Ensure the vendor has released a fixed version.
Q9What if no patch? (Workaround)
π§ **No Patch?**: <br>1. **Disable** the WPBookit plugin immediately. <br>2. Block access to the `add_booking_type` endpoint via WAF. <br>3. Restrict file upload permissions in `wp-config.php` or server config.
Q10Is it urgent? (Priority Suggestion)
π¨ **Urgency**: **CRITICAL**. <br>β±οΈ **Priority**: **Immediate Action Required**. Unauthenticated RCE via file upload is a top-tier threat. Patch or disable NOW!