WPBookit

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   WPBookit

Information

Software Type Plugin
Software Slug wpbookit (view on wordpress.org)
Software Status Active
Software Author iqonicdesign
Software Website wpbookit.com
Software Downloads 4,178
Software Active Installs 10
Software Record Last Updated June 18, 2026

11 Vulnerabilities

Submit a Vulnerability
WPBookit <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters
7.2
CVE-2026-1945
Mar 3, 2026
Researcher: MD. TAREQ AHAMED JONY (itztrq)
WPBookit <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure
5.3
CVE-2026-1980
Mar 3, 2026
Researcher: MD. TAREQ AHAMED JONY (itztrq)
WPBookit <= 1.0.7 - Cross-Site Request Forgery to Customer Deletion
4.3
CVE-2025-12685
Dec 12, 2025
Researcher: Drtime
WPBookit <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2025-12135
Nov 20, 2025
Researcher: Ryan Kozak
WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function
9.8
CVE-2025-7852
Jul 23, 2025
Researcher: theviper17y
WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload
9.8
CVE-2025-6058
Jul 11, 2025
Researcher: stealthcopter
WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload
8.8
CVE-2025-6057
Jul 11, 2025
Researcher: theviper17y
WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover
9.8
CVE-2025-3810
May 8, 2025
Researcher: kr0d
WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update
9.8
CVE-2025-3811
May 8, 2025
Researcher: kr0d
WPBookit <= 1.0.7 - Missing Authorization
5.3
CVE-2025-32254
Apr 4, 2025
Researcher: Pham Van Tam
WPBookit <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2025-26910
Mar 9, 2025
Researcher: Khang Duong
Title Status CVE ID CVSS Researchers Date
WPBookit <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters Patched CVE-2026-1945 7.2 MD. TAREQ AHAMED JONY (itztrq) March 3, 2026
WPBookit <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure Patched CVE-2026-1980 5.3 MD. TAREQ AHAMED JONY (itztrq) March 3, 2026
WPBookit <= 1.0.7 - Cross-Site Request Forgery to Customer Deletion Unpatched CVE-2025-12685 4.3 Drtime December 12, 2025
WPBookit <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2025-12135 7.2 Ryan Kozak November 20, 2025
WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function Patched CVE-2025-7852 9.8 theviper17y July 23, 2025
WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload Patched CVE-2025-6058 9.8 stealthcopter July 11, 2025
WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload Patched CVE-2025-6057 8.8 theviper17y July 11, 2025
WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover Patched CVE-2025-3810 9.8 kr0d May 8, 2025
WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update Patched CVE-2025-3811 9.8 kr0d May 8, 2025
WPBookit <= 1.0.7 - Missing Authorization Patched CVE-2025-32254 5.3 Pham Van Tam April 4, 2025
WPBookit <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting Patched CVE-2025-26910 6.1 Khang Duong March 9, 2025

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation