Reflected Cross-Site Scripting Vulnerability in Ebook Store WordPress Plugin
CVE-2025-8113
Currently unrated
Key Information:
- Vendor
WordPress
- Status
- Vendor
- CVE Published:
- 16 August 2025
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2025-8113?
The Ebook Store WordPress plugin prior to version 5.8015 is vulnerable to reflected cross-site scripting due to inadequate escaping of the $_SERVER['REQUEST_URI'] parameter. This flaw could allow an attacker to execute arbitrary JavaScript code in the context of the user's browser, particularly in older web browsers, which may not adequately handle malicious scripts. This vulnerability can be exploited to steal session cookies or redirect users to malicious sites, posing significant risks to website integrity and user security.
Affected Version(s)
Ebook Store 0 < 5.8015
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.