Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.775 versions.
5.9CVSS
4.9AI Score
0.0005EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.785 versions.
7.1CVSS
6AI Score
0.001EPSS
The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticate...
5.3CVSS
5.1AI Score
0.0005EPSS