VYPR
Medium severity 6.5 · NVD Advisory · Published Dec 31, 2025 · Updated Apr 23, 2026

CVE-2025-62743

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable allows Stored XSS. This issue affects MyBookTable Bookstore: from n/a through <= 3.6.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored XSS in MyBookTable Bookstore plugin (≤3.6.0) allows attackers to inject malicious scripts via improper input neutralization.

Vulnerability Overview

CVE-2025-62743 is a Stored Cross-Site Scripting (XSS) vulnerability in the MyBookTable Bookstore plugin for WordPress, affecting versions from n/a through 3.6.0. The root cause is improper neutralization of input during web page generation, allowing an attacker to store malicious scripts that execute when other users visit the affected page [1].

Exploitation

Exploitation requires a privileged user (e.g., an editor or administrator) to perform an action such as clicking a crafted link or submitting a form. Once triggered, the attacker's payload is stored and executed in the context of the victim's browser session [1].

Impact

A successful attack could allow an attacker to inject arbitrary HTML and JavaScript, leading to redirects, advertisements, or other malicious payloads displayed to site visitors. This can be used in mass-exploit campaigns targeting thousands of websites [1].

Mitigation

The vendor has not released a patched version beyond 3.6.0. Users are advised to update the plugin immediately if a fix becomes available, or to contact their hosting provider for assistance. As of the publication date, no workaround is documented [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0

No patches discovered yet.

References: 1
