Ebook Store WordPress Plugin Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Ebook Store plugin for WordPress, affecting all versions up to and including 5.8012. The issue arises from inadequate input sanitization and output escaping in the Order Details section. It allows authenticated attackers with administrator-level access to inject arbitrary scripts that execute whenever a user views the affected page. The vulnerability is present in multi-site installations, where the unfiltered_html capability has been disabled.

Impact

Successful exploitation results in stored cross-site scripting: the injected script is persisted by the site and executed in the browser, and in the session context, of any user who views the affected page.

Reproduction

To reproduce this vulnerability, an authenticated user with administrator privileges injects a script into the Order Details section of the Ebook Store plugin by opening the Order Details meta box and entering a script payload. Once the order is saved, the injected script executes whenever the order is viewed, demonstrating the stored cross-site scripting vulnerability.

Remediation

Users are advised to update the Ebook Store WordPress plugin to version 5.8013 or later.
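The following is an added illustration of the vulnerability class described under Vulnerability and of the input-sanitization and output-escaping fix implied under Remediation. It is not the Ebook Store plugin's code: the meta key, field name, post type and function names are hypothetical placeholders, and only the WordPress core functions (update_post_meta, get_post_meta, sanitize_text_field, esc_html, esc_attr, wp_nonce_field, wp_verify_nonce, current_user_can, add_meta_box) are real APIs.

```php
<?php
// Added example of a stored-XSS meta box pattern and its hardened form.
// Hypothetical names: '_example_order_note', 'example_order_note',
// 'example_order' and the example_* functions are not from any real plugin.

// --- Vulnerable pattern: no sanitization on save, no escaping on render ---

// Stores the submitted field exactly as received.
function example_vulnerable_save( $post_id ) {
    if ( isset( $_POST['example_order_note'] ) ) {
        // Raw request value written straight into post meta.
        update_post_meta( $post_id, '_example_order_note', $_POST['example_order_note'] );
    }
}

// Echoes the stored value into the admin page unescaped, so any markup that was
// saved (including a <script> tag) is parsed and executed by the viewer's browser.
function example_vulnerable_render( $post ) {
    $note = get_post_meta( $post->ID, '_example_order_note', true );
    echo '<p>Order note: ' . $note . '</p>';
}

// --- Hardened pattern: verify the request, sanitize on input, escape on output ---

function example_hardened_save( $post_id ) {
    // Accept only this meta box's own form submission (CSRF protection).
    if ( ! isset( $_POST['example_order_nonce'] )
        || ! wp_verify_nonce( $_POST['example_order_nonce'], 'example_order_save' ) ) {
        return;
    }
    // The caller must be allowed to edit this specific post.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    if ( isset( $_POST['example_order_note'] ) ) {
        // Plain-text field: strip tags, line breaks and control characters before storing.
        $note = sanitize_text_field( wp_unslash( $_POST['example_order_note'] ) );
        update_post_meta( $post_id, '_example_order_note', $note );
    }
}

function example_hardened_render( $post ) {
    $note = get_post_meta( $post->ID, '_example_order_note', true );
    wp_nonce_field( 'example_order_save', 'example_order_nonce' );
    // esc_html() encodes <, >, &, and quotes so stored markup is displayed as text, not executed.
    echo '<p>Order note: ' . esc_html( $note ) . '</p>';
    // esc_attr() does the same for a value placed inside an HTML attribute.
    echo '<input type="text" name="example_order_note" value="' . esc_attr( $note ) . '" />';
}

add_action( 'save_post', 'example_hardened_save' );
add_action( 'add_meta_boxes', function () {
    add_meta_box( 'example_order_details', 'Order Details', 'example_hardened_render', 'example_order' );
} );
```

The hardened version escapes on output unconditionally rather than relying on the submitting user's capabilities. That matters for the configuration the advisory names: on multi-site installations WordPress withholds unfiltered_html from ordinary administrators, so a plugin that trusts "administrator" as equivalent to "may post raw HTML" lets a lower-trust admin store markup that core would otherwise have filtered, and it is rendered to every other user who opens the order.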

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

Category          Score
spread            1.0
impact            1.7
exploitability    6.0
remediation       7.7
relevance         0.3
threat            4.8
urgency           2.9
incentive         1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.