Primary

Context

Ebook Store WordPress Plugin Arbitrary File Upload Vulnerability Allowing Unauthenticated Access

Vulnerability

Patched

A vulnerability exists in the Ebook Store plugin for WordPress, affecting all versions through 5.8012. The issue arises from inadequate file type validation in the 'ebook_store_save_form' function, allowing unauthenticated users to upload arbitrary files to the server. This could potentially lead to remote code execution.

Impact

Exploitation of this vulnerability could result in unauthorized file uploads, with the possibility of executing malicious code on the server.

Reproduction

The vulnerability can be reproduced by uploading a file through the Ebook Store plugin's form upload feature. The absence of proper file type validation allows for the upload of files that could be executed as code on the server.

Remediation

Users are advised to update the Ebook Store plugin to version 5.8013 or later.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

8.6

remediation

7.7

relevance

0.3

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

8.6

remediation

7.7

relevance

0.3

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ebook Store WordPress Plugin Arbitrary File Upload Vulnerability Allowing Unauthenticated Access

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Ebook Store

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating