cleantalk
Vulnerabilities and Security Researches

Ebook Store, CVE-2025-7437

CVE, Research URL

CVE-2025-7437

Home page URL

Security reports for Ebook Store

Application

Ebook Store

Published on
Jul 24, 2025
Research Description
The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 5.8013.
Status
vulnerable
Previous vulnerability researches
ReachShip WooCommerce Multi-Carrier & Conditional Shipping (CVE-2025-53213) , Jul 27, 2025
New vulnerability
StreamWeasels Kick Integration (CVE-2025-7810) , Jul 30, 2025
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2024-13507) , Jul 30, 2025
Brizy – Page Builder (CVE-2025-4370) , Jul 29, 2025
Thumbnail carousel slider (CVE-2015-10144) , Jul 29, 2025
Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions (CVE-2025-8104) , Jul 29, 2025