WordPress: Arbitrary File Upload Vulnerability

In the WPBookit plugin for WordPress, all versions up to and including 1.0.4 a critical severity vulnerability CVE-2025-6058 was detected. This vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site’s server, potentially leading to remote code execution. To fix this issue, users should upgrade the plugin to version 1.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6058.