漏洞描述
WPBookit 是一个用于 WordPress 的插件,旨在为用户提供在线预订和预约功能。WPBookit 版本 1.0.4 及以下版本在 /wp-admin/admin-ajax.php 接口中存在文件上传漏洞。未经身份验证的攻击者可以利用该漏洞上传恶意文件,从而在受影响的服务器上执行任意代码。
WordPress WPBookit <= 1.0.4 /wp-admin/admin-ajax.php 文件上传漏洞 (CVE-2025-6058)
PoC代码
暂无相关漏洞推荐
- POC CVE-2016-15041: MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting
- POC CVE-2018-7765: Schneider Electric U.motion Builder - SQL Injection
- POC CVE-2019-12935: Shopware < 5.5.8 - Cross-Site Scripting
- POC CVE-2019-14206: Nevma Adaptive Images - Arbitrary File Deletion
- POC CVE-2020-19363: Vtiger CRM v7.2.0 - Directory Listing
- POC CVE-2021-28799: QNAP HBS 3 - Broken Access Control
- POC CVE-2021-37598: WP Cerber < 8.9.3 - Broken Access Control
- POC CVE-2023-33960: OpenProject < 12.5.4 - Project Identifiers Exposure
- POC CVE-2023-52163: Digiever DS-2105 Pro - Command Injection
- POC CVE-2024-29137: WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting
- POC CVE-2024-29792: Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting
- POC CVE-2024-56159: Astro - Information Disclosure
- POC CVE-2025-4210: Casdoor - Authorization Bypass