Unsecured Reflected Cross-Site Scripting in Ebook Store Plugin for WordPress
CVE-2024-11287

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Ebook Store
Vendor: CVE Published:; 21 December 2024

Summary

CVE-2024-11287 refers to a vulnerability found in the Ebook Store plugin for WordPress. This flaw allows for Reflected Cross-Site Scripting (XSS) attacks due to improper handling of user inputs via the add_query_arg function. Attackers can exploit this vulnerability by tricking users into clicking on malicious links that can execute arbitrary scripts in their browsers. This poses significant risks as it can lead to unauthorized actions, data theft, and website compromises. All versions of the Ebook Store plugin up to and including 5.8001 are affected, making immediate patching and security measures essential.

Affected Version(s)

Ebook Store * <= 5.8001

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/ebook-store/tr...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 21, 2024
Vulnerability Reserved
Nov 15, 2024

Credit

Peter Thaleikis