Every CVE whose affected-product data names Iqonic Wpbookit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2024-10215 — CVSS 9.8 (critical): The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to…
CVE-2025-0357 — CVSS 9.8 (critical): The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the…
CVE-2025-3810 — CVSS 9.8 (critical): The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2…
CVE-2025-3811 — CVSS 9.8 (critical): The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2…
CVE-2025-6058 — CVSS 9.8 (critical): The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle()…
CVE-2024-54280 — CVSS 9.3 (critical): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit wpbookit…
CVE-2025-6057 — CVSS 8.8 (high): The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_image_upload()…