Reflected Cross-Site Scripting Vulnerability in Ebook Store Plugin for WordPress
CVE-2024-12262
6.1 MEDIUM
Summary
The Ebook Store plugin for WordPress is vulnerable to reflected cross-site scripting (XSS) through the 'step' parameter. The vulnerability exists in all versions of the plugin up to and including version 5.8001 and stems from inadequate input sanitization and output escaping. As a result, unauthenticated attackers can inject arbitrary web scripts into pages viewed by users. Exploitation requires the attacker to trick the user into clicking a malicious link, and can lead to unauthorized actions or data exposure on the affected website.
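A log triage check for this issue, as an added example that is not part of the original advisory or the plugin's code: it scans web server access-log lines for `step` query values that decode to anything other than a short alphanumeric token. The allow-list pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate 'step' values are short alphanumeric tokens; adjust for your site.
SAFE_STEP = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Request line of a combined/common-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2024:10:00:00 +0000] "GET /store/?step=2 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Dec/2024:10:00:05 +0000] "GET /store/?step=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '198.51.100.7 - - [10/Dec/2024:10:00:09 +0000] "GET /store/?page=1&step=%2522%253E%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 533',
    '198.51.100.7 - - [10/Dec/2024:10:00:12 +0000] "GET /about/ HTTP/1.1" 200 300',
]

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_step_values(line):
    """Return decoded 'step' values in one log line that fall outside SAFE_STEP."""
    match = REQUEST.search(line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    hits = []
    # parse_qsl already removes one layer of percent-encoding.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == "step":
            decoded = decode_fully(value)
            if not SAFE_STEP.fullmatch(decoded):
                hits.append(decoded)
    return hits

def scan(lines):
    """Return (line_number, values) for every line with a suspicious 'step' value."""
    findings = [(n, suspicious_step_values(l)) for n, l in enumerate(lines, 1)]
    return [(n, v) for n, v in findings if v]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious step value(s): {values!r}")
```

A hit means a crafted link was requested, not that a script ran in anyone's browser; correlate with the referrer and the affected user's session before drawing conclusions.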
Affected Version(s)
Ebook Store * <= 5.8001
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Thien Ngo