
CVE-2025-7486: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in motovnet Ebook Store

Medium
Tags: Vulnerability, CVE-2025-7486, CWE-79
Published: Mon Jul 21 2025 (07/21/2025, 22:21:58 UTC)
Source: CVE Database V5
Vendor/Project: motovnet
Product: Ebook Store

Description

The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Order Details in all versions up to, and including, 5.8012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

AI-Powered Analysis

Last updated: 07/30/2025, 01:33:03 UTC

Technical Analysis

CVE-2025-7486 is a medium-severity Stored Cross-Site Scripting (XSS) vulnerability affecting the motovnet Ebook Store plugin for WordPress, specifically all versions up to and including 5.8012. The vulnerability arises from insufficient input sanitization and output escaping in the Order Details functionality. Authenticated attackers with administrator-level privileges can exploit this flaw to inject arbitrary scripts into pages. These scripts execute whenever any user accesses the affected page, potentially leading to session hijacking, defacement, or redirection to malicious sites. The vulnerability is notable in that it only affects WordPress multi-site installations or single-site installations where the unfiltered_html capability has been disabled, which limits the scope of exploitation: on other installations administrators are already allowed to store unfiltered HTML, so the missing filtering changes nothing. The CVSS 3.1 base score is 4.4 (medium), reflecting that the attack requires high privileges (administrator) and that, once the script has been stored, it runs for any viewer of the page without further user interaction. The vulnerability impacts confidentiality and integrity but not availability. No known exploits are currently in the wild, and no official patches have been released yet. The vulnerability was reserved on July 11, 2025, and published on July 21, 2025, by Wordfence. Given the nature of WordPress plugins and their widespread use, this vulnerability could be leveraged in targeted attacks against organizations using the motovnet Ebook Store plugin in multi-site environments or with restricted HTML capabilities.

Potential Impact

For European organizations, the impact of this vulnerability depends on the adoption of the motovnet Ebook Store plugin in WordPress multi-site deployments or configurations with disabled unfiltered_html. Exploitation could lead to unauthorized script execution, enabling attackers to steal session cookies, perform actions on behalf of users, or inject malicious content that compromises user trust and data confidentiality. This could result in reputational damage, data breaches, and regulatory non-compliance under GDPR if personal data is exposed. The requirement for administrator-level access limits the risk to insider threats or attackers who have already compromised admin credentials, but the multi-site context increases the potential blast radius, as a single injection could affect multiple sites within the network. European organizations running e-commerce or content distribution platforms on WordPress multi-site setups should be particularly cautious, as attackers could leverage this vulnerability to escalate privileges or pivot within the network. Although no active exploits are reported, the presence of this vulnerability in a widely used CMS plugin necessitates prompt attention to prevent targeted attacks.

Mitigation Recommendations

1. Immediate mitigation involves restricting administrator access to trusted personnel only and enforcing strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of credential compromise.
2. Monitor and audit administrator activities and Order Details input fields for suspicious or unexpected script content.
3. Temporarily disable or restrict the use of the motovnet Ebook Store plugin in multi-site environments until a patch is available.
4. Implement Web Application Firewall (WAF) rules to detect and block common XSS payloads targeting the Order Details fields.
5. Encourage the plugin vendor to release a security patch that properly sanitizes and escapes input and output in the affected components.
6. For organizations with development resources, consider applying custom input validation and output encoding as a stopgap measure.
7. Educate administrators about the risks of XSS and the importance of cautious input handling.
8. Regularly update WordPress core and plugins to the latest versions once patches are released to remediate this vulnerability.
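As an added illustration that is not the Ebook Store plugin's own code (the function names and the `_order_note` meta key are hypothetical), the pattern the advisory describes for an order-details field, raw storage followed by raw output, is shown beside a hardened version that filters on input according to the unfiltered_html capability and escapes on output. The hardened half is the kind of stopgap item 6 refers to, and mirrors how WordPress core treats post content for users who lack unfiltered_html.

```php
<?php
// Added example, not the plugin's code. Hypothetical order-note field stored
// in post meta on an order post; the two halves differ only in filtering/escaping.

// --- Vulnerable pattern: stores and prints the submitted value unchanged. ---
function vuln_save_order_note( int $order_id, string $note ): void {
    // No kses filtering here, so an administrator who lacks unfiltered_html
    // (multisite, or where the capability was removed) can still store markup
    // such as <script> that core would otherwise have stripped.
    update_post_meta( $order_id, '_order_note', wp_unslash( $note ) );
}

function vuln_render_order_note( int $order_id ): void {
    // Output without escaping: whatever was stored executes in every viewer's browser.
    echo '<div class="order-note">'
        . get_post_meta( $order_id, '_order_note', true )
        . '</div>';
}

// --- Hardened pattern: filter on input, escape on output. ---
function safe_save_order_note( int $order_id, string $note ): void {
    $note = wp_unslash( $note );
    // Mirror core's rule: only users holding unfiltered_html keep arbitrary
    // HTML; everyone else is limited to the post-safe allow-list, which drops
    // <script>, event-handler attributes and javascript: URLs.
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        $note = wp_kses_post( $note );
    }
    update_post_meta( $order_id, '_order_note', $note );
}

function safe_render_order_note( int $order_id ): void {
    $note = (string) get_post_meta( $order_id, '_order_note', true );
    // Escape at output time regardless of what was stored, so data written
    // before the fix (or by another code path) cannot execute either.
    // wp_kses_post() keeps basic formatting; use esc_html() for plain-text fields.
    echo '<div class="order-note">' . wp_kses_post( $note ) . '</div>';
}
```

Because the output escaping runs on every render, it also neutralises notes that were stored before the hardened save path was introduced.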


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-07-11T14:12:28.372Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 687feeee723ca1aca2722c73

Added to database: 7/22/2025, 8:05:02 PM

Last enriched: 7/30/2025, 1:33:03 AM

Last updated: 9/2/2025, 11:16:25 AM
