cleantalk
Vulnerabilities and Security Researches

Ebook Store, CVE-2025-7437

CVE, Research URL

CVE-2025-7437

Home page URL

Security reports for Ebook Store

Application

Ebook Store

Published on
Jul 24, 2025
Research Description
The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 5.8013.
Status
vulnerable
Previous vulnerability researches
XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] (CVE-2024-32110) , Jun 07, 2024
XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] (f64572abde00d3857cb9fdce12fbcb6cb254eae6) , Jun 07, 2024
XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] (CVE-2024-37515) , Jul 09, 2024
XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] (CVE-2024-5669) , Jul 10, 2024
XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] (CVE-2024-5704) , Jul 10, 2024
New vulnerability
Brizy – Page Builder (CVE-2025-4370) , Jul 29, 2025
Thumbnail carousel slider (CVE-2015-10144) , Jul 29, 2025
Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions (CVE-2025-8104) , Jul 29, 2025
Ebook Store (CVE-2025-7437) , Jul 29, 2025
Geo Mashup (CVE-2025-48293) , Jul 29, 2025