Plugin Vulnerability Hub
Plugin | 13 known issues | Latest disclosed: Jul 30, 2025

Ebook Store Vulnerabilities

Review known vulnerability records for the WordPress plugin Ebook Store (`ebook-store`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-54702, CVE-2025-8113 and CVE-2025-7437, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 13
High or Critical: 1
Patch Coverage: 100%
Last Updated: Aug 25, 2025
Indexed CVEs: 13

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Ebook Store so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 13 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 1 critical and 0 high severity findings.
Recent CVEs: CVE-2025-54702, CVE-2025-8113 and CVE-2025-7437
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Known Vulnerabilities

Reports for Ebook Store

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-54702
CVE-2025-54702: Ebook Store <= 5.8013 - Cross-Site Request Forgery

The Ebook Store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.8013. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized actio...

Published: Jul 30, 2025
Patched Release: 5.8014
Affected Versions: up to 5.8013
Next Step: Update to 5.8014 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-8113
CVE-2025-8113: Ebook Store <= 5.8014 - Reflected Cross-Site Scripting

The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['REQUEST_URI'] parameter in all versions up to, and including, 5.8014 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attac...

Published: Jul 26, 2025
Patched Release: 5.8015
Affected Versions: up to 5.8014
Next Step: Update to 5.8015 or newer if supported.

Plugin | Severity: Critical | Patched: Yes | CVE-2025-7437
CVE-2025-7437: Ebook Store <= 5.8012 - Unauthenticated Arbitrary File Upload

The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

Published: Jul 23, 2025
Patched Release: 5.8013
Affected Versions: up to 5.8012
Next Step: Update to 5.8013 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-7486
CVE-2025-7486: Ebook Store <= 5.8012 - Authenticated (Administrator+) Stored Cross-Site Scripting via Order Details

The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Order Details in all versions up to, and including, 5.8012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-...

Published: Jul 21, 2025
Patched Release: 5.8013
Affected Versions: up to 5.8012
Next Step: Update to 5.8013 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-49862
CVE-2025-49862: Ebook Store <= 5.8008 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.8008 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to...

Published: Jun 12, 2025
Patched Release: 5.8009
Affected Versions: up to 5.8008
Next Step: Update to 5.8009 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-47589
CVE-2025-47589: Ebook Store <= 5.8009 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.8009 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to i...

Published: May 07, 2025
Patched Release: 5.8010
Affected Versions: up to 5.8009
Next Step: Update to 5.8010 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-11287
CVE-2024-11287: Ebook Store <= 5.8001 - Reflected Cross-Site Scripting

The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers to inject arbitrary web...

Published: Dec 20, 2024
Patched Release: 5.8002
Affected Versions: up to 5.8001
Next Step: Update to 5.8002 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-12262
CVE-2024-12262: Ebook Store <= 5.8001 - Reflected Cross-Site Scripting via 'step'

The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject ar...

Published: Dec 20, 2024
Patched Release: 5.8002
Affected Versions: up to 5.8001
Next Step: Update to 5.8002 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-6567
CVE-2024-6567: Ebook Store <= 5.8001 - Unauthenticated Full Path Disclosure

The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible...

Published: Aug 01, 2024
Patched Release: 5.8002
Affected Versions: up to 5.8001
Next Step: Update to 5.8002 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-23501
CVE-2024-23501: Ebook Store <= 5.8001 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

Published: Mar 01, 2024
Patched Release: 5.8002
Affected Versions: up to 5.8001
Next Step: Update to 5.8002 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2023-45602
CVE-2023-45602: Ebook Store <= 5.8009 - Reflected Cross-Site Scripting

The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.8009 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

Published: Oct 09, 2023
Patched Release: 5.8010
Affected Versions: up to 5.8009
Next Step: Update to 5.8010 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2023-22701
CVE-2023-22701: Ebook Store <= 5.775 - Missing Authorization via ebook_store_export_orders

The Ebook Store plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ebook_store_export_orders function in versions up to, and including, 5.775. This makes it possible for unauthenticated attackers to export order info.

Published: Apr 19, 2023
Patched Release: 5.78
Affected Versions: up to 5.775
Next Step: Update to 5.78 or newer if supported.