CVE-2025-8113
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-16

Last updated on: 2025-08-18

Assigner: WPScan

Description
The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-16
Last Modified
2025-08-18
Generated
2026-05-06
AI Q&A
2025-08-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-8113
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress ebook_store *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Ebook Store WordPress plugin versions before 5.8015. It occurs because the plugin does not properly escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute. This improper handling can lead to Reflected Cross-Site Scripting (XSS) attacks, particularly in older web browsers.


How can this vulnerability impact me? :

The vulnerability can allow attackers to execute malicious scripts in the context of the affected website by exploiting the Reflected Cross-Site Scripting flaw. This can lead to unauthorized actions, theft of user data, session hijacking, or other malicious activities when users visit a crafted URL.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart