CVE-2025-8113: 
WordPress vulnerability analysis and mitigation

The Ebook Store WordPress plugin before version 5.8015 contains a Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability exists because the plugin does not properly escape the $SERVER['REQUESTURI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting attacks in older web browsers (WPScan).

The vulnerability is caused by insufficient output escaping of the $SERVER['REQUESTURI'] parameter in the plugin's code. When this parameter is reflected back in an HTML attribute without proper sanitization, it creates an XSS condition that can be exploited in older web browsers. The vulnerability has been assigned a CVSS score of 5.0 (medium) and is classified under CWE-79: Cross-Site Scripting (WPScan).

If successfully exploited, this vulnerability could allow attackers to execute arbitrary JavaScript code in the context of other users' browsers who visit specially crafted URLs. This could potentially lead to session hijacking, credential theft, or other client-side attacks (WPScan).

The vulnerability has been fixed in version 5.8015 of the Ebook Store plugin. Site administrators are advised to update to this version or later to protect against this security issue (WPScan).