CVE Details
Basic Information
| Title | Ebook Store <= 5.8012 - Unauthenticated Arbitrary File Upload |
|---|---|
| Type | cve |
| Published | 2025-07-24T04:24:13.455Z |
| Modified | 2025-07-24T04:24:13.455Z |
Product Information
| Vendor | motovnet |
|---|---|
| Product | Ebook Store |
| Version | * |
CVSS Information
| Base Score | 9.8 (CRITICAL) |
|---|---|
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
AI Analysis
| AI Description | The Ebook Store WordPress plugin allows arbitrary file uploads due to missing validation, enabling attackers to upload malicious files and potentially execute remote code. |
|---|---|
| AI Severity | Critical |
| AI Vendor | WordPress Community |
| AI Product | Ebook Store |
| AI Version | 5.8012 |
Affected Products
- motovnet Ebook Store *
Additional Information
| CWE List | CWE-434 |
|---|---|
| Source | Wordfence |
Description
The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server, which may make remote code execution possible.