4 matches found
CVE-2025-8113
The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2025-8113 Ebook Store < 5.8015 - Reflected XSS via $_SERVER['REQUEST_URI']
The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2025-7437 Ebook Store <= 5.8012 - Unauthenticated Arbitrary File Upload
The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebookstoresaveform function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...
CVE-2024-6567
CVE-2024-6567 affects the WordPress Ebook Store plugin (versions up to 5.8001). The root cause is a Full Path Disclosure caused by the plugin using fpdi-protection and failing to block direct access to test files that have display_errors enabled. This unauthenticated disclosure can reveal the web...