CVE-2025-3810
📋 TL;DR
The WPBookit WordPress plugin, in version 1.0.2 and earlier, contains an authentication bypass that lets an unauthenticated attacker change any user's email address and password, including those of administrators. Because no login is required, this is a direct path to full account takeover and privilege escalation on every WordPress site running an affected version.
💻 Affected Systems
- WPBookit WordPress Plugin
📦 What is this software?
WPBookit, an appointment-booking plugin for WordPress by Iqonic.
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise - attackers can take over administrator accounts, install backdoors, steal sensitive data, and deface or destroy the website.
Likely Case
Administrative account takeover leading to data theft, malware installation, and site defacement.
If Mitigated
Limited only where the site is not reachable from untrusted networks. Anyone who can reach the vulnerable endpoint, including users on an internal network, can still exploit it, so network controls reduce exposure but do not remove the flaw.
🎯 Exploit Status
A single crafted HTTP POST request to the vulnerable endpoint is enough; no credentials and minimal technical skill are required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3278939/wpbookit/trunk/core/admin/classes/controllers/class.wpb-profile-controller.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WPBookit and update to version 1.0.3 or later.
4. If the update is not available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Disable WPBookit Plugin
Temporarily deactivate the vulnerable plugin until the patched version can be installed. This is the most reliable workaround because it removes the vulnerable code path regardless of how it is reached.
wp plugin deactivate wpbookit
Web Application Firewall Rule
Block direct requests to the plugin's PHP files using a WAF or an .htaccess rule in the site root (requires mod_rewrite):
RewriteEngine On
RewriteRule ^wp-content/plugins/wpbookit/.*\.php$ - [F,L]
Caveat: this rule only stops requests that hit PHP files under the plugin directory directly. If the vulnerable handler is reached through WordPress's own request routing (for example admin-ajax.php or the REST API), the rule does not block it. Confirm the block by reproducing the request against a test site, and prefer deactivation where you cannot confirm it.
🧯 If You Can't Patch
- Immediately deactivate and remove the WPBookit plugin from all WordPress installations.
- Restrict who can reach the site at the network or WAF layer (IP allowlisting, VPN). Restricting only /wp-admin/ does not help, because the vulnerable endpoint is reached without logging in.
- Review all accounts, especially administrators, for unexpected email or password changes, and rotate administrator credentials if the plugin was exposed while vulnerable.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for WPBookit version 1.0.2 or earlier.
Check Version:
wp plugin list --name=wpbookit --field=version
Verify Fix Applied:
Verify WPBookit plugin version is 1.0.3 or later in WordPress admin panel.
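For a fleet of sites, the version check above is easy to get wrong with a plain string comparison ("1.0.10" sorts before "1.0.3" lexically). The following added example (not part of the advisory or the plugin) takes the JSON printed by `wp plugin list --name=wpbookit --format=json` for each site and classifies it against the 1.0.3 fix version. The site names and plugin outputs are constructed sample data; the JSON fields (name, status, update, version) are the ones WP-CLI emits for `wp plugin list`.

```python
import json
import re

PATCHED_VERSION = "1.0.3"  # first fixed release per the advisory


def parse_version(version):
    """Turn a dotted version string into a tuple of ints so comparison is
    numeric, not lexical. Trailing non-digits in a component ("3-beta")
    are ignored; an entirely non-numeric component counts as 0."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_vulnerable(version):
    """True for any WPBookit release older than the patched version."""
    return parse_version(version) < parse_version(PATCHED_VERSION)


def classify(wp_cli_json):
    """Classify one site from the output of
    `wp plugin list --name=wpbookit --format=json`."""
    for plugin in json.loads(wp_cli_json):
        if plugin.get("name") != "wpbookit":
            continue
        version = plugin["version"]
        if is_vulnerable(version):
            # Inactive still means the code is on disk; report it as well.
            return "VULNERABLE (%s, %s)" % (version, plugin.get("status", "?"))
        return "patched (%s)" % version
    return "not installed"


# Constructed sample outputs, one per hypothetical site (not real data).
SAMPLE_SITES = {
    "shop.example": '[{"name":"wpbookit","status":"active","update":"available","version":"1.0.2"}]',
    "blog.example": '[{"name":"wpbookit","status":"active","update":"none","version":"1.0.3"}]',
    "docs.example": "[]",
    "app.example": '[{"name":"wpbookit","status":"inactive","update":"none","version":"1.0.10"}]',
}


def audit(sites):
    """Map each site name to its classification string."""
    return {site: classify(output) for site, output in sites.items()}


if __name__ == "__main__":
    for site, verdict in audit(SAMPLE_SITES).items():
        print(f"{site}: {verdict}")
```

In practice you would collect the JSON with something like `wp --path=/var/www/<site> plugin list --name=wpbookit --format=json` per site and feed the strings into `audit`. Treat a vulnerable-but-inactive result as still needing removal, since the advisory's guidance is to delete the plugin, not merely deactivate it.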
📡 Detection & Monitoring
Log Indicators:
- POST requests to paths under /wp-content/plugins/wpbookit/ that carry user-modification parameters (email, password)
- Successful logins to administrator accounts from new IPs or locations shortly after an email or password change that the legitimate user did not make
- Email or password changes to user accounts with no preceding authenticated session from the same source IP
Network Indicators:
- HTTP POST requests to WPBookit profile endpoints from clients that present no WordPress authentication cookie (wordpress_logged_in_*)
- Bursts of such requests against several user IDs from one source, consistent with mass account takeover attempts
SIEM Query (pseudo-syntax; adapt to your platform):
source="web_logs" AND uri LIKE "/wp-content/plugins/wpbookit/%" AND method="POST" AND (form_data CONTAINS "email" OR form_data CONTAINS "password") AND NOT cookie CONTAINS "wordpress_logged_in"
Notes: match the URI as a prefix, not an exact string, since the original path is a directory. The form_data clause requires request-body logging (for example a WAF or ModSecurity audit log); standard web-server access logs do not contain POST bodies or, by default, cookies, so drop those clauses or extend your LogFormat accordingly. If the plugin routes the vulnerable action through /wp-admin/admin-ajax.php or the REST API, pivot the query to that path.
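The log indicators above can be turned into a small offline triage script. This added example (not from the advisory) parses Apache access-log lines that have been extended with the request's Cookie header, and flags POST requests to the plugin directory that carry no WordPress login cookie. The log lines are constructed sample traffic using documentation IP ranges, and `example.php` with its `user_id` query parameter is a hypothetical placeholder for whatever script the plugin actually exposes; the regex assumes the LogFormat given in the comment.

```python
import re

# Apache "combined" format plus one trailing quoted field for the Cookie
# header. Assumed LogFormat:
#   "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Cookie}i\""
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$'
)

PLUGIN_PREFIX = "/wp-content/plugins/wpbookit/"
AUTH_COOKIE_MARKER = "wordpress_logged_in"  # prefix of the WordPress auth cookie

# Constructed sample log (not real traffic). 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges; example.php and user_id are
# hypothetical placeholders. An empty Cookie header is logged as "-".
SAMPLE_LOG = """\
203.0.113.7 - - [01/May/2025:10:15:01 +0000] "POST /wp-content/plugins/wpbookit/example.php HTTP/1.1" 200 312 "-" "curl/8.0.1" "-"
198.51.100.4 - - [01/May/2025:10:15:09 +0000] "POST /wp-content/plugins/wpbookit/example.php HTTP/1.1" 200 312 "https://shop.example/wp-admin/" "Mozilla/5.0" "wordpress_logged_in_abc123=admin%7C1746100000; wp-settings-1=x"
198.51.100.4 - - [01/May/2025:10:15:10 +0000] "GET /wp-content/plugins/wpbookit/assets/css/style.css HTTP/1.1" 200 8812 "-" "Mozilla/5.0" "-"
203.0.113.7 - - [01/May/2025:10:15:11 +0000] "POST /wp-login.php HTTP/1.1" 200 2210 "-" "curl/8.0.1" "-"
203.0.113.9 - - [01/May/2025:10:16:42 +0000] "POST /wp-content/plugins/wpbookit/example.php?user_id=1 HTTP/1.1" 200 298 "-" "python-requests/2.31" "-"
this line is not in the expected format
"""


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_suspicious(rec):
    """POST to the plugin directory with no WordPress login cookie present."""
    path = rec["target"].split("?", 1)[0]  # compare the path, ignore the query string
    unauthenticated = AUTH_COOKIE_MARKER not in rec["cookie"]
    return rec["method"] == "POST" and path.startswith(PLUGIN_PREFIX) and unauthenticated


def find_suspicious(log_text):
    """Scan a log and return the suspicious records in order of appearance."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # lines in another format are skipped, not fatal
        if is_suspicious(rec):
            hits.append({k: rec[k] for k in ("ip", "ts", "target", "status", "ua")})
    return hits


def hits_by_ip(hits):
    """Count flagged requests per source IP to surface bulk takeover attempts."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    flagged = find_suspicious(SAMPLE_LOG)
    for h in flagged:
        print(f'{h["ts"]} {h["ip"]} POST {h["target"]} -> {h["status"]} ({h["ua"]})')
    print("per-IP:", hits_by_ip(flagged))
```

The logged-in administrator's POST (second line) is not flagged because it carries a wordpress_logged_in_* cookie, which is what separates normal profile edits from exploitation of this flaw. Without a Cookie field in the log you cannot make that distinction from access logs alone; use WAF or reverse-proxy logs that record it, or treat every POST to the plugin directory from an IP with no prior logged-in activity as worth a look.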