CVE-2025-54702: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability affects motov.net Ebook Store WordPress plugin versions up to and including 5.8013. The vulnerability was discovered by Nabil Irawan and publicly disclosed on July 30, 2025. This security issue has been assigned CVE-2025-54702 with a CVSS v3.1 base score of 4.3 (Medium) (Patchstack, NVD).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and stems from missing or incorrect nonce validation on a function. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no impact on confidentiality, low impact on integrity, and no impact on availability (Rapid7).

The vulnerability allows unauthenticated attackers to perform unauthorized actions by tricking site administrators into performing specific actions, such as clicking on a malicious link. The impact is primarily on the integrity of the system, with no direct effect on confidentiality or availability (Rapid7).

The vulnerability has been fixed in version 5.8014 of the Ebook Store plugin. Users are advised to update to version 5.8014 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).