Ebook Store

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Basic Information

ID CVE-2025-7437

Source Wordfence

Published Jul 24, 2025 at 04:24

Modified Jul 24, 2025 at 13:36

Affected Product

Vendor motovnet

Product Ebook Store

Version *

Affected Versions motovnet Ebook Store *

CWE Classification

CWE-434

References

{
    "lastseen": "",
    "description": "The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.",
    "published": "2025-07-24T04:24:13.455Z",
    "modified": "2025-07-24T13:36:42.819Z",
    "type": "cve",
    "title": "Ebook Store <= 5.8012 - Unauthenticated Arbitrary File Upload",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0dc5c05d-51b7-4aee-bb4e-366ded45c4d8?source=cve\nhttps://plugins.trac.wordpress.org/browser/ebook-store/trunk/functions.php#L2442\nhttps://plugins.trac.wordpress.org/changeset/3328355",
    "id": "CVE-2025-7437",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "motovnet Ebook Store *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Ebook Store",
    "version": "*",
    "vendor": "motovnet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Ebook Store <= 5.8012 - Unauthenticated Arbitrary File Upload_CVE-2025-7437