CVE-2025-6058

CRITICAL · NUCLEI

WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload via image_upload_handle Function

Title source: llm

Exploitation Summary

EIP tracks 4 public repositories for CVE-2025-6058: working PoCs by 0xgh057r3c0n, Nxploited and Boshe99, and a version scanner by JayVillain. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a functional exploit for CVE-2025-6058, targeting an unauthenticated file upload vulnerability in the WPBookit WordPress plugin (≤ 1.0.4). It uploads a PHP shell and provides an interactive command execution interface.

Description

The WPBookit plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the image_upload_handle() function, reached through the 'add_booking_type' route, in all versions up to and including 1.0.4. This allows unauthenticated attackers to upload arbitrary files to the affected site's server, which can lead to remote code execution when the uploaded file is a web-executable script such as PHP.

Exploits (4)

nomisec · WORKING POC · 1 star
by 0xgh057r3c0n · poc
https://github.com/0xgh057r3c0n/CVE-2025-6058

This is a functional exploit for CVE-2025-6058, targeting an unauthenticated file upload vulnerability in the WPBookit WordPress plugin (≤ 1.0.4). It uploads a PHP shell and provides an interactive command execution interface.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress WPBookit plugin ≤ 1.0.4
Authentication: none needed
Prerequisites: Target must have WPBookit plugin ≤ 1.0.4 installed · Access to the WordPress admin-ajax.php endpoint
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC · 1 star
by Nxploited · poc
https://github.com/Nxploited/CVE-2025-6058

This exploit automates the detection and exploitation of an unauthenticated arbitrary file upload vulnerability in WPBookit WordPress plugin versions <= 1.0.4, leading to remote code execution via a PHP shell upload.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WPBookit WordPress plugin ≤ 1.0.4
Authentication: none needed
Prerequisites: Target running vulnerable WPBookit plugin · Access to the WordPress admin-ajax.php endpoint
devstral-2 · analyzed Feb 16, 2026
github · WORKING POC
by Boshe99 · python · poc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-6058

The repository contains functional exploit code for CVE-2025-6058, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target. Note that the target named by this analysis (3DPrint Lite) does not match WPBookit, the plugin CVE-2025-6058 concerns; confirm which plugin and endpoint the script actually exercises before treating it as a PoC for this CVE.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4 (as stated by the analysis; see note above)
Authentication: none needed
Prerequisites: Vulnerable WordPress plugin installed · Network access to the target
devstral-2 · analyzed Feb 27, 2026
nomisec · SCANNER
by JayVillain · poc
https://github.com/JayVillain/Scan-CVE-2025-6058

This repository contains two Python scripts for scanning WordPress sites to detect the presence of the WPBookit plugin and check if it is vulnerable to CVE-2025-6058. The scripts perform version checks against a threshold (≤1.0.4) and output results in CSV or text format.

Classification: Scanner (100%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WPBookit WordPress plugin ≤ 1.0.4
Authentication: none needed
Prerequisites: List of target URLs or domains
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload
CRITICAL · VERIFIED · by pussycat0x
FOFA: body="/wp-content/plugins/wpbookit/"
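Both the JayVillain scanner entry above and the Nuclei template's FOFA query key on the same two facts: the plugin's asset path appears in the page body, and the installed version is at or below 1.0.4. The block below is an added, offline example of that decision logic, not the scanner's or the template's own code. It assumes the plugin's readme.txt carries the usual WordPress "Stable tag:" line and that enqueued plugin assets carry the usual "?ver=" query string; the asset path under wpbookit/ and the sample page and readme are constructed for the example.

```python
"""Added example: version-based vulnerability check for CVE-2025-6058 (not the scanner's code)."""
import re

PLUGIN_PATH = "/wp-content/plugins/wpbookit/"   # same fingerprint the FOFA query uses
FIRST_FIXED = (1, 0, 5)                         # anything below this (i.e. <= 1.0.4) is affected

# WordPress appends ?ver=<plugin version> to enqueued plugin assets; used as a fallback source.
VER_IN_HTML = re.compile(r"""/wp-content/plugins/wpbookit/[^"'\s]*\?ver=([0-9.]+)""")
# A plugin's readme.txt carries "Stable tag: x.y.z" (or "trunk", which is not a version).
STABLE_TAG = re.compile(r"^Stable tag:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_version(text):
    """'1.0.4' -> (1, 0, 4); None for non-numeric values such as 'trunk' or missing input."""
    nums = re.findall(r"\d+", text or "")
    return tuple(int(n) for n in nums) if nums else None


def version_lt(a, b):
    """Numeric tuple comparison with zero padding, so 1.0 == 1.0.0 < 1.0.5 and 1.1 > 1.0.5."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def plugin_present(html):
    """Presence check: the plugin's asset path in the page body."""
    return PLUGIN_PATH in html


def version_from_html(html):
    m = VER_IN_HTML.search(html or "")
    return m.group(1) if m else None


def version_from_readme(readme):
    m = STABLE_TAG.search(readme or "")
    return m.group(1) if m else None


def assess(html, readme=None):
    """Return {'present', 'version', 'vulnerable'}; vulnerable is None when no version was found."""
    if not plugin_present(html):
        return {"present": False, "version": None, "vulnerable": False}
    version, parsed = None, None
    # Prefer readme.txt (authoritative release tag); fall back to the ?ver= query string.
    for candidate in (version_from_readme(readme), version_from_html(html)):
        parsed = parse_version(candidate)
        if parsed:
            version = candidate
            break
    vulnerable = version_lt(parsed, FIRST_FIXED) if parsed else None
    return {"present": True, "version": version, "vulnerable": vulnerable}


# Constructed sample inputs (not captured from any real site).
SAMPLE_HTML = (
    '<link rel="stylesheet" href="https://example.test/wp-content/plugins/wpbookit/'
    'assets/css/style.css?ver=1.0.4" />'
)
SAMPLE_README = "=== WPBookit ===\nRequires at least: 5.0\nStable tag: 1.0.4\n"

if __name__ == "__main__":
    print(assess(SAMPLE_HTML, SAMPLE_README))
    print(assess(SAMPLE_HTML.replace("1.0.4", "1.0.5")))
    print(assess("<html><body>no plugin here</body></html>"))
```

In practice the readme would be fetched from the plugin directory (readme.txt is the conventional WordPress location) and the page body from the site root; a result with vulnerable=None means the plugin was seen but its version could not be read, which a scanner should report as "unknown" rather than as safe.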

Scores

CVSS v3.1: 9.8 (Critical)
EPSS: 0.2673 (26.7%)
EPSS Percentile: 96.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-434
Status: published
Products (2)
iqonic/wpbookit < 1.0.5
iqonicdesign/WPBookit < 1.0.4
Note: the two product entries disagree on the upper bound. The description above states that all versions up to and including 1.0.4 are affected, so "< 1.0.5" is the bound consistent with the advisory; "< 1.0.4" would wrongly exclude 1.0.4 itself.
Published: Jul 12, 2025
Tracked Since: Feb 18, 2026