CVE-2025-8113 is a reflected Cross-Site Scripting (XSS) vulnerability identified in the Ebook Store WordPress plugin versions prior to 5.8015. The vulnerability arises because the plugin does not properly escape the $_SERVER['REQUEST_URI'] parameter before reflecting it back in an HTML attribute. This improper handling allows an attacker to inject malicious JavaScript code into the URL, which can then be executed in the context of the victim's browser when the crafted URL is visited. The vulnerability specifically affects older web browsers that do not have modern XSS protections or content security policies in place. Reflected XSS vulnerabilities typically require user interaction, such as clicking on a malicious link, and can lead to the theft of session cookies, user impersonation, or redirection to malicious sites. The CVSS v3.1 base score is 6.1, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) shows that the attack can be performed remotely over the network without privileges but requires user interaction. The scope is changed, meaning the vulnerability affects resources beyond the initially vulnerable component. The impact on confidentiality and integrity is low, while availability is not affected. No known exploits are currently reported in the wild, and no patches or updates are linked yet, though the fixed version is noted as 5.8015 or later. This vulnerability is classified under CWE-79, which is a common and well-understood XSS weakness in web applications, emphasizing the need for proper input validation and output encoding.

For European organizations using WordPress sites with the Ebook Store plugin, this vulnerability poses a risk primarily to the confidentiality and integrity of user data. Attackers exploiting this vulnerability could hijack user sessions, steal sensitive information, or perform actions on behalf of users, potentially leading to account compromise or unauthorized transactions. While the impact on availability is negligible, the reputational damage and potential regulatory consequences under GDPR for data breaches involving personal data could be significant. The requirement for user interaction (clicking a malicious link) somewhat limits the exploitability, but phishing campaigns could be used to lure users into triggering the attack. Organizations with customer-facing WordPress sites that utilize this plugin should be particularly cautious, as attackers could target customers or employees. The vulnerability's effect on older browsers means that users who have not updated their browsers are at higher risk, which can be common in certain corporate environments with legacy systems. Overall, the threat could lead to moderate operational disruption and data exposure risks for European entities, especially in sectors like e-commerce, publishing, and education where Ebook Store plugin usage is more prevalent.

1. Immediate upgrade of the Ebook Store WordPress plugin to version 5.8015 or later once available to ensure the vulnerability is patched. 2. Implement Web Application Firewall (WAF) rules that detect and block suspicious request patterns targeting the REQUEST_URI parameter to mitigate exploitation attempts before patching. 3. Enforce Content Security Policy (CSP) headers to restrict the execution of inline scripts and reduce the impact of XSS attacks. 4. Educate users and staff about phishing risks and the dangers of clicking on untrusted links, especially those that appear to come from the organization's domain. 5. Regularly audit and monitor web server logs for unusual request patterns or repeated attempts to exploit this vulnerability. 6. Encourage users to update their browsers to the latest versions to benefit from modern XSS protections. 7. Conduct security testing and code reviews on custom WordPress plugins and themes to ensure proper input validation and output encoding practices are followed. 8. If immediate patching is not possible, consider temporarily disabling the Ebook Store plugin or restricting access to it via IP whitelisting or authentication controls.