Ebook Store <= 5.8012 - Authenticated (Administrator+) Stored Cross-Site Scripting via Order Details

July 21, 2025 invoker category_cve

CVE Details

Basic Information

Title Ebook Store <= 5.8012 - Authenticated (Administrator+) Stored Cross-Site Scripting via Order Details
Type cve
Published 2025-07-21T22:21:58.221Z
Modified 2025-07-21T22:21:58.221Z

Product Information

Vendor motovnet
Product Ebook Store
Version *

CVSS Information

Base Score 4.4 (MEDIUM)
Attack Vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Affected Products

  • motovnet Ebook Store *

Additional Information

CWE List CWE-79
Source Wordfence

Description

The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Order Details in all versions up to, and including, 5.8012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.