Shopfiles Ebook_store
8 CVEs affecting Shopfiles Ebook_store. Latest disclosed: 2025-08-16. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-22701 | High | 7.5 | 2024-12-09 | Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebo… |
CVE-2023-45602 | High | 7.1 | 2023-10-18 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.785 versions. |
CVE-2025-8113 | Medium | 6.1 | 2025-08-16 | The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lea… |
CVE-2024-12262 | Medium | 6.1 | 2024-12-21 | The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due… |
CVE-2024-11287 | Medium | 6.1 | 2024-12-21 | The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in… |
CVE-2024-23501 | Medium | 5.9 | 2024-02-29 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS.This issue af… |
CVE-2023-22690 | Medium | 5.9 | 2023-05-15 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.775 versions. |
CVE-2024-6567 | Medium | 5.3 | 2024-08-02 | The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fp… |