WPBookit

Vulnerabilities 13Slug wpbookitLatest version 1.0.9WordPress.org →

Minimum safe version

1.6.10

Update to 1.6.10 or later to address 12 fixable vulnerabilities

Latest available1.0.9 ⚠ 1 vulnerability has no fix
N/A
2026-03-03< 1.0.9

WPBookit <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters

WordfenceCVE
N/A
2026-03-03< 1.0.9

WPBookit <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure

WordfenceCVE
Medium 6.5 Unfixed
2026-01-02≤ 1.0.7

WPBookit <= 1.0.7 - Customer Deletion via CSRF

CVEWordfence
Critical 9.8
2025-07-24< 1.0.7

WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function

EUVDWordfenceCVE
Critical 9.8
2025-07-11< 1.0.5

WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload

WordfenceCVE
High 8.8
2025-07-12< 1.0.5

WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload

EUVDWordfenceCVE
Critical 9.8
2025-05-09< 1.0.3

WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update

EUVDWordfenceCVE
Critical 9.8
2025-05-09< 1.0.3

WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover

EUVDWordfenceCVE
Critical 9.8
2025-01-25< 1.6.10

WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload

EUVDWordfenceCVE
Critical 9.8
2025-01-09< 1.6.6

CVE-2024-10215

CVEWordfence