cbcvebase.

Motovnet Ebook Store vulnerabilities

5 known vulnerabilities affecting motovnet/ebook_store.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2025-7437P2CRITICALCVSS 9.8≤ 5.80122025-07-24
CVE-2025-7437 [CRITICAL] CWE-434 CVE-2025-7437: The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file typ The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible
nvd
CVE-2024-6567P4MEDIUMCVSS 5.3≤ 5.80012024-08-02
CVE-2024-6567 [MEDIUM] CWE-200 CVE-2024-6567: The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, an The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web appli
nvd
CVE-2024-12262P4MEDIUMCVSS 6.1≤ 5.80012024-12-21
CVE-2024-12262 [MEDIUM] CWE-79 CVE-2024-12262: The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick
nvd
CVE-2024-11287P4MEDIUMCVSS 6.1≤ 5.80012024-12-21
CVE-2024-11287 [MEDIUM] CWE-79 CVE-2024-11287: The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into
nvd
CVE-2025-7486P4MEDIUMCVSS 4.4≤ 5.80122025-07-21
CVE-2025-7486 [MEDIUM] CWE-79 CVE-2025-7486: The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Order Deta The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Order Details in all versions up to, and including, 5.8012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute w
nvd
Motovnet Ebook Store vulnerabilities | cvebase