Vulnerabilities and security researches forebook-store ebook-store

Jun 07, 2024

CVE, Research URL: CVE-2024-23501
Home page URL: Security reports for Ebook Store
Application: Ebook Store
Date: Feb 29, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS.This issue affects Ebook Store: from n/a through 5.788.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: ffe6f72e9fa817666514b597b5432d0b26f03e1b
Home page URL: Security reports for Ebook Store
Application: Ebook Store
Date: Apr 19, 2023
Research Description: Ebook Store [ebook-store] < 5.78 WordPress Ebook Store Plugin <= 5.775 is vulnerable to Broken Authentication No patched version is available. yuyudhn discovered and reported this Broken Authentication vulnerability in WordPress Ebook Store Plugin. This can be abused by a malicious actor to perform action which normally should only be able to be executed by higher privileged users. These actions might allow the malicious actor to gain admin access to the website. This vulnerability has not been known to be fixed yet.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-22690
Home page URL: Security reports for Ebook Store
Application: Ebook Store
Date: May 15, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.775 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-45602
Home page URL: Security reports for Ebook Store
Application: Ebook Store
Date: Oct 18, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.785 versions.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-22701
Home page URL: Security reports for Ebook Store
Application: Ebook Store
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775.
Affected versions: Min -, max -.
Status: vulnerable

Aug 03, 2024

CVE, Research URL: CVE-2024-6567
Home page URL: Security reports for Ebook Store
Application: Ebook Store
Date: Aug 02, 2024
Research Description: The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
Affected versions: Min -, max -.
Status: vulnerable

Dec 22, 2024

CVE, Research URL: CVE-2024-11287
Home page URL: Security reports for Ebook Store
Application: Ebook Store
Date: Dec 21, 2024
Research Description: The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-12262
Home page URL: Security reports for Ebook Store
Application: Ebook Store
Date: Dec 21, 2024
Research Description: The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

May 09, 2025

CVE, Research URL: CVE-2025-47589
Home page URL: Security reports for Ebook Store
Application: Ebook Store
Date: May 07, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store allows DOM-Based XSS. This issue affects Ebook Store: from n/a through 5.8007.
Affected versions: Min -, max -.
Status: vulnerable

Jun 19, 2025

CVE, Research URL: CVE-2025-49862
Home page URL: Security reports for Ebook Store
Application: Ebook Store
Date: Jun 17, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store allows Stored XSS. This issue affects Ebook Store: from n/a through 5.8008.
Affected versions: Min -, max -.
Status: vulnerable