CVE-2025-8113: 
WordPress vulnerability analysis and mitigation

The Ebook Store WordPress plugin before version 5.8015 contains a Reflected Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-8113. The vulnerability was discovered by Bob Matyas and publicly disclosed on July 26, 2025. The issue affects all versions of the plugin up to and including version 5.8014, where the $SERVER['REQUESTURI'] parameter is not properly escaped before being output in an attribute (WPScan).

The vulnerability stems from insufficient input sanitization and output escaping of the $SERVER['REQUESTURI'] parameter. When this parameter is output back in an attribute, it can lead to Reflected Cross-Site Scripting, particularly in older web browsers. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating that it requires user interaction but no privileges, and can be exploited remotely (CISA-ADP).

If successfully exploited, this vulnerability could allow unauthenticated attackers to inject arbitrary web scripts that execute when users perform specific actions, such as clicking on a malicious link. The impact is considered medium, with potential compromise of both confidentiality and integrity, though no impact on system availability (Rapid7).

The vulnerability has been patched in version 5.8015 of the Ebook Store WordPress plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).