WPBookit Arbitrary File Upload Vulnerability
Vulnerability Information
Vulnerability name: WPBookit Arbitrary File Upload Vulnerability
Vulnerability IDs:
- CVE: CVE-2025-6058
Vulnerability type: File upload
Severity: Critical
Description: WPBookit is a WordPress plugin for online appointment and booking management, used mainly on business and personal sites that offer appointment-based services. Versions 1.0.4 and earlier contain a critical unauthenticated arbitrary file upload vulnerability. Its root cause is missing validation of the uploaded file type in the image_upload_handle() function, which is invoked through the add_booking_type route. An attacker can upload arbitrary files, including a PHP backdoor, to the affected server without any authentication, which leads to remote code execution. Because exploitation needs no credentials and is easily automated, sites running an affected version are at high risk: a successful attacker can execute arbitrary code on the web server, take full control of the site, steal sensitive data, and pivot further into the internal network.
Vendor: WPBookit
Product: WPBookit
Affected versions: <= 1.0.4
Source: https://github.com/Nxploited/CVE-2025-6058
Type: CVE-2025:github search
Repository files
- CVE-2025-6058.py
- README.md
- requirements.txt
Source overview
⚡ WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload
📝 Description
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function, which is hooked via the add_booking_type route, in all versions up to, and including, 1.0.4. This flaw allows unauthenticated attackers to upload arbitrary files to the affected site's server, potentially leading to remote code execution.
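What "missing file type validation" means in practice, as an added example (not the plugin's PHP and not the exploit's code): the flawed handler pattern the advisory describes, beside a handler that applies the controls that are absent. The function names, the signature table and the `is_authorized` flag are illustrative; in WordPress the corresponding calls are `current_user_can()`, `check_ajax_referer()` and `wp_check_filetype_and_ext()`.

```python
"""Illustrative upload gate: the checks an image-upload handler needs before it
writes to a web-served directory. Added example, not the plugin's code."""
import os
import secrets

# Allowlisted image extensions and the magic bytes a file of that type must start with.
IMAGE_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def unsafe_image_upload_handle(filename, data, upload_dir):
    """The flawed pattern: no caller check, no type check, and the client-supplied
    name is kept. A request carrying 'shell.php' lands as shell.php under uploads."""
    dest = os.path.join(upload_dir, os.path.basename(filename))
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


def check_image_upload(filename, data, is_authorized):
    """Return (accepted, reason). Each rejection reason is one missing control."""
    if not is_authorized:
        return False, "unauthenticated caller"
    name = os.path.basename(filename)
    stem, dot, ext = name.rpartition(".")
    ext = ext.lower()
    if not dot or ext not in IMAGE_SIGNATURES:
        return False, f"extension '{ext}' not in image allowlist"
    # 'shell.php.jpg': Apache configured with AddHandler for .php may execute it
    # regardless of the trailing .jpg, so refuse names carrying more than one extension.
    if "." in stem:
        return False, "multiple extensions"
    # Content sniffing is defence in depth: a PHP payload wrapped in a valid GIF header
    # still passes, so the decisive controls are the allowlisted extension and the
    # server-chosen name below (plus not executing PHP from the uploads tree at all).
    if not any(data.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
        return False, f"content does not match {ext} signature"
    return True, "ok"


def safe_image_upload_handle(filename, data, upload_dir, is_authorized):
    """Hardened counterpart of unsafe_image_upload_handle()."""
    accepted, reason = check_image_upload(filename, data, is_authorized)
    if not accepted:
        raise PermissionError(reason)
    ext = os.path.basename(filename).rpartition(".")[2].lower()
    # Server-chosen name: the client controls neither the base name nor the extension.
    dest = os.path.join(upload_dir, f"{secrets.token_hex(16)}.{ext}")
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest
```

The authorization check comes first on purpose: with it in place the upload route is no longer reachable by an unauthenticated client at all, and the type checks then only protect against a malicious authenticated user.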
| CVE | CVSS Score | Publicly Published | Last Updated |
|---|---|---|---|
| CVE-2025-6058 | 9.8 (Critical) | July 11, 2025 | July 12, 2025 |
🚀 What does this exploit do?
This exploit automates the process of:
- Detecting if the target is running a vulnerable version of WPBookit (<= 1.0.4)
- Uploading a PHP shell using the vulnerable route, without authentication
- Confirming the shell upload and providing its exact path for remote command execution
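The three steps above leave a footprint a defender can hunt for. The following is an added example, not part of the tool or the original page: it runs over constructed Apache/nginx "combined" access-log lines and flags any request for a PHP-like file under `/wp-content/uploads/`, which should never exist, and raises the severity when the same client hit the `add_booking_type` route shortly before. The admin-ajax form of that call, the IP addresses and the file names in the sample are assumptions for the sake of the example.

```python
"""Hunt for the post-exploitation footprint of an unauthenticated upload in
web server access logs. Added example; not the tool's or the plugin's code."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" format, reduced to the fields the hunt needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# PHP (and PHP-like) scripts under the uploads tree should never exist, let alone serve 200.
PHP_UNDER_UPLOADS = re.compile(r"^/wp-content/uploads/.*\.ph(?:p\d?|tml|ar)(?:\?|$)", re.I)

# Constructed sample log. The admin-ajax form of the add_booking_type call is an assumption.
SAMPLE_LOG = """\
198.51.100.7 - - [11/Jul/2025:10:00:05 +0000] "POST /wp-admin/admin-ajax.php?action=add_booking_type HTTP/1.1" 200 143
198.51.100.7 - - [11/Jul/2025:10:00:09 +0000] "GET /wp-content/uploads/2025/07/x.php?cmd=id HTTP/1.1" 200 57
203.0.113.5 - - [11/Jul/2025:10:02:13 +0000] "GET /wp-content/uploads/2025/07/hero.jpg HTTP/1.1" 200 88213
203.0.113.5 - - [11/Jul/2025:10:03:00 +0000] "GET /wp-content/uploads/2024/01/old.php HTTP/1.1" 404 196
this line is not in combined format
"""


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def hunt(lines, window=timedelta(minutes=10)):
    """Flag every hit on a PHP file under uploads. Severity rises when the file was
    actually served (200) and when the same client called the upload route within
    `window` beforehand, which is the shape of the upload-then-trigger sequence."""
    upload_calls = defaultdict(list)  # ip -> timestamps of add_booking_type calls
    findings = []
    for entry in filter(None, map(parse_line, lines)):
        if entry["method"] == "POST" and "add_booking_type" in entry["path"]:
            upload_calls[entry["ip"]].append(entry["ts"])
        if PHP_UNDER_UPLOADS.search(entry["path"]):
            preceded = any(
                timedelta(0) <= entry["ts"] - t <= window
                for t in upload_calls[entry["ip"]]
            )
            served = entry["status"] == 200
            findings.append({
                "ip": entry["ip"],
                "path": entry["path"],
                "status": entry["status"],
                "preceded_by_upload_call": preceded,
                "severity": "high" if served and preceded else "medium" if served else "low",
            })
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG.splitlines()):
        print(f["severity"], f["ip"], f["status"], f["path"])
```

Two caveats. If the route name travels only in the POST body, the access log will not show it and the correlation never fires; the uploads indicator is then the only signal, and a 200 for a `.php` path under uploads is sufficient on its own. And the finding is only possible because the server executed the file: denying PHP execution under the uploads tree (an `.htaccess` with `Require all denied` on `.php` files for Apache, or a `deny all` location block for nginx) turns a successful upload into a harmless file on disk.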
🛠️ Usage
🖥️ Example
🆘 Help & Banner Example
📤 Output
⚠️ Disclaimer
This tool is provided for educational and authorized security testing purposes only.
The author is not responsible for any misuse or unauthorized activity.
Use at your own risk and always ensure you have permission to test the target system.
By: Khaled Alenazi (Nxploited)