{"id":59741,"date":"2025-07-30T00:59:16","date_gmt":"2025-07-30T00:59:16","guid":{"rendered":""},"modified":"2025-08-31T21:18:58","modified_gmt":"2025-09-01T03:18:58","slug":"cve-2025-7852-arbitrary-file-upload-vulnerability-in-wpbookit-plugin-for-wordpress","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-7852-arbitrary-file-upload-vulnerability-in-wpbookit-plugin-for-wordpress\/","title":{"rendered":"CVE-2025-7852: Arbitrary File Upload Vulnerability in WPBookit Plugin for WordPress<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-7852 is a critical security vulnerability that affects the WPBookit plugin for WordPress, which is used widely for managing bookings on WordPress sites. This vulnerability allows unauthenticated attackers to upload arbitrary files on the server of an affected site due to a lack of file type validation in the image_upload_handle() function. The severity of this vulnerability lies in the fact that it can potentially lead to a system compromise and data leakage, making it a significant threat for any WordPress site running the vulnerable<\/a> version of the WPBookit plugin.
\nThe vulnerability has been attributed a high CVSS severity<\/a> score of 9.8, highlighting the urgent need for affected users to apply the vendor patch or use Web Application Firewalls (WAF) or Intrusion Detection Systems (IDS) as temporary mitigation measures.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-7852
\nSeverity: Critical (CVSS: 9.8)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: System compromise or data<\/a> leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n