CVE-2025-0357

9.8 CRITICAL

📋 TL;DR

The WPBookit WordPress plugin allows unauthenticated attackers to upload arbitrary files due to insufficient file type validation. This vulnerability affects versions up to 1.6.9 and can lead to remote code execution on vulnerable WordPress sites.

💻 Affected Systems

Products:
  • WPBookit WordPress Plugin
Versions: Up to and including 1.6.9
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with vulnerable WPBookit plugin versions enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through remote code execution, allowing attackers to install malware, steal data, or use the server for further attacks.

🟠 Likely Case

Attackers upload web shells to gain persistent access, deface websites, or install cryptocurrency miners.

🟢 If Mitigated

File uploads blocked or monitored, limiting damage to attempted uploads that are detected and prevented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST requests with malicious files can exploit this vulnerability without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.0 or later

Vendor Advisory: https://documentation.iqonic.design/wpbookit/versions/change-log

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the WPBookit plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, download version 1.7.0+ from the official source and update manually.

🔧 Temporary Workarounds

Disable WPBookit Plugin

Applies to: all

Temporarily disable the vulnerable plugin until patched.

wp plugin deactivate wpbookit

Web Application Firewall Rule

Applies to: all

Block file upload requests to WPBookit endpoints.

Add WAF rule to block POST requests containing 'WPB_Profile_controller::handle_image_upload'

🧯 If You Can't Patch

  • Implement strict file upload validation at web server level
  • Monitor file upload directories for suspicious files and implement file integrity monitoring
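The second bullet above asks for file integrity monitoring of the upload directories. The script below is an added example, not part of this advisory or of the WPBookit project: it snapshots SHA-256 hashes of everything under wp-content/uploads, diffs a later snapshot against the baseline, and flags any new or changed file whose name carries an executable extension anywhere in it (so a double-extension upload such as avatar.php.jpg is caught as well as shell.php). The extension list starts from the log indicators this advisory lists (.php, .phtml, .jsp) and adds common PHP aliases; the directory tree and file contents in demo() are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions that have no business under wp-content/uploads. The list starts
# from the advisory's log indicators (.php, .phtml, .jsp) and adds common PHP
# aliases; extend it to match what your web server will actually execute.
EXECUTABLE_EXTS = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".phar", ".jsp"}


def suspicious_name(name: str) -> bool:
    """True if any extension segment is executable (catches 'shell.php.jpg' too)."""
    segments = name.lower().split(".")
    return any("." + seg in EXECUTABLE_EXTS for seg in segments[1:])


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large media files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(upload_dir: Path) -> dict:
    """Map every file under upload_dir (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(upload_dir).as_posix(): sha256_file(p)
        for p in sorted(upload_dir.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots and flag new or changed files with executable names."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    flagged = sorted(k for k in added + modified if suspicious_name(Path(k).name))
    return {"added": added, "removed": removed, "modified": modified, "flagged": flagged}


def demo() -> dict:
    """Constructed uploads tree: take a baseline, simulate a bad upload, diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "wp-content" / "uploads"
        month = root / "2025" / "01"
        month.mkdir(parents=True)
        (month / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        (month / "photo.jpeg").write_bytes(b"\xff\xd8\xff" + b"\x00" * 16)
        baseline = snapshot(root)

        # Simulated post-incident state (constructed, inert placeholder bytes):
        # two executable-named files appear and a legitimate image is overwritten.
        (month / "shell.php").write_bytes(b"constructed placeholder, not code")
        (month / "avatar.php.jpg").write_bytes(b"constructed placeholder, not code")
        (month / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x01" * 16)
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for key, files in demo().items():
        print(f"{key}: {files}")
```

In production, store the baseline JSON outside the web root (an attacker who can write to uploads must not be able to rewrite the baseline), run the comparison from cron or a FIM agent, and treat anything in the flagged list as an incident rather than a notice. The name check is deliberately aggressive: a legitimate WordPress upload directory should contain media only, so a false positive here costs an analyst a minute, while a missed PHP file costs the server.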

🔍 How to Verify

Check if Vulnerable:

Check WPBookit plugin version in WordPress admin panel under Plugins > Installed Plugins.

Check Version:

wp plugin get wpbookit --field=version

Verify Fix Applied:

Verify WPBookit plugin version is 1.7.0 or higher after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to wp-admin/admin-ajax.php with file upload parameters
  • Files with suspicious extensions (.php, .phtml, .jsp) appearing in upload directories

Network Indicators:

  • HTTP POST requests to WPBookit endpoints with file uploads from unexpected sources

SIEM Query:

source="web_server_logs" AND (uri_path="*/admin-ajax.php*" AND method="POST" AND (user_agent="*curl*" OR user_agent="*wget*" OR user_agent="*python*"))
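The SIEM query above expresses the two log indicators from this section as a search. The script below is an added example, not part of this advisory or of the WPBookit project: it parses web server access log lines in the Apache/nginx "combined" format (an assumption about your log format) and applies the same two rules in code, so the logic can be tested offline or dropped into a log-shipping pipeline. Rule one mirrors the query (POST to admin-ajax.php from a curl, wget or python user agent); rule two goes slightly beyond the query and flags any request for an executable-named file under /wp-content/uploads/, which is how a dropped file would show up in access logs. The sample log lines are constructed, with RFC 5737 documentation addresses.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" log format (assumed; adjust the pattern if your
# server logs a custom format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Substrings from the advisory's SIEM query and its log indicators.
SCRIPTED_UA = ("curl", "wget", "python")
EXECUTABLE_EXTS = {".php", ".phtml", ".jsp"}


def parse_line(line: str):
    """Return the named fields of one access log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def executable_name(path: str) -> bool:
    """True if any extension segment of the final path element is executable."""
    segments = path.rsplit("/", 1)[-1].lower().split(".")
    return any("." + seg in EXECUTABLE_EXTS for seg in segments[1:])


def classify(entry: dict) -> list:
    """List the advisory indicators a parsed entry matches (empty if none)."""
    path = urlsplit(entry["target"]).path.lower()  # drop any query string
    ua = entry["ua"].lower()
    reasons = []
    if (entry["method"] == "POST" and path.endswith("/admin-ajax.php")
            and any(s in ua for s in SCRIPTED_UA)):
        reasons.append("scripted-client POST to admin-ajax.php")
    if path.startswith("/wp-content/uploads/") and executable_name(path):
        reasons.append("executable file requested under uploads")
    return reasons


def analyze(lines) -> list:
    """Run every line through the rules and return one hit per matched reason."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        for reason in classify(entry):
            hits.append({"ip": entry["ip"], "ts": entry["ts"],
                         "target": entry["target"], "reason": reason})
    return hits


# Constructed sample log: two lines that should alert, two that should not.
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Jan/2025:10:15:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" '
    '200 512 "-" "python-requests/2.31.0"',
    '198.51.100.7 - - [12/Jan/2025:10:15:03 +0000] "GET /wp-content/uploads/2025/01/avatar.php HTTP/1.1" '
    '200 44 "-" "curl/8.4.0"',
    '192.0.2.5 - - [12/Jan/2025:10:16:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" '
    '200 1024 "https://example.com/wp-admin/" "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"',
    '192.0.2.9 - - [12/Jan/2025:10:17:00 +0000] "GET /wp-content/uploads/2025/01/logo.png HTTP/1.1" '
    '200 3200 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for hit in analyze(SAMPLE_LOG):
        print(hit)
```

Treat the user-agent rule as a low-fidelity signal: a client can send any User-Agent string, and legitimate maintenance scripts use curl too, so it is a triage hint rather than proof. The second rule is the higher-fidelity one, since nothing benign should ever request a .php file under the uploads tree; a hit there, correlated with the file integrity report from the previous section, is a strong indication that an upload succeeded.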

🔗 References
