Ebook Store WordPress Plugin Reflected Cross-Site Scripting Vulnerability
Vulnerability
A reflected cross-site scripting vulnerability has been identified in the Ebook Store WordPress plugin, affecting versions prior to 5.8015. The issue arises because the plugin does not properly escape the $_SERVER['REQUEST_URI'] parameter before outputting it in an attribute. This flaw could be exploited in older web browsers.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Reproduction
To reproduce this vulnerability, install the WP Super Cache plugin alongside the Ebook Store plugin version prior to 5.8015. Then, navigate to the WordPress admin options-general.php page and include a script payload in the 'REQUEST_URI' parameter. The injected script will be executed, demonstrating the cross-site scripting vulnerability.
Remediation
Users are advised to update the Ebook Store WordPress plugin to version 5.8015 or later.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.