8Theme Xstore vulnerabilities
13 known vulnerabilities affecting 8theme/xstore.
Total CVEs: 13
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 5, MEDIUM 5
Vulnerabilities
CVE-2024-33559 | P2 | CRITICAL | CVSS 9.3 | CWE-89 | PoC | ≥ n/a, ≤ 9.3.5 | 2024-04-29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection. This issue affects XStore: from n/a through 9.3.5.
nvd
CVE-2025-11746 | P3 | HIGH | CVSS 8.8 | CWE-22 | ≤ 9.5.4 | 2025-10-15
The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via the et_ajax_required_plugins_popup() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code i
nvd
CVE-2024-33560 | P3 | CRITICAL | CVSS 9.0 | CWE-22 | ≥ n/a, ≤ 9.3.8 | 2024-06-04
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore allows PHP Local File Inclusion. This issue affects XStore: from n/a through 9.3.8.
nvd
CVE-2024-33563 | P3 | HIGH | CVSS 8.8 | CWE-862 | fixed in 9.3.9 | ≥ n/a, ≤ 9.3.8 | 2024-06-09
Missing Authorization vulnerability in 8theme XStore. This issue affects XStore: from n/a through 9.3.8.
nvd
CVE-2024-33561 | P3 | CRITICAL | CVSS 9.8 | CWE-862 | fixed in 9.3.9 | ≥ n/a, ≤ 9.3.8 | 2024-06-09
Missing Authorization vulnerability in 8theme XStore. This issue affects XStore: from n/a through 9.3.8.
nvd
CVE-2025-64193 | P3 | HIGH | CVSS 7.5 | CWE-98 | ≤ 9.6.1 | 2025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in 8theme XStore xstore allows PHP Local File Inclusion. This issue affects XStore: from n/a through < 9.6.1.
nvd
CVE-2025-64192 | P3 | MEDIUM | CVSS 6.3 | CWE-862 | ≤ 9.6 | 2025-12-18
Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects XStore: from n/a through < 9.6.
nvd
CVE-2025-60100 | P4 | MEDIUM | CVSS 5.3 | CWE-80 | ≤ 9.6 | 2025-09-26
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection. This issue affects XStore: from n/a through < 9.6.
nvd
CVE-2025-64191 | P4 | HIGH | CVSS 7.1 | CWE-79 | ≤ 9.6.1 | 2025-12-18
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows Reflected XSS. This issue affects XStore: from n/a through < 9.6.1.
nvd
CVE-2026-25006 | P4 | MEDIUM | CVSS 5.3 | CWE-80 | ≤ 9.6.4 | 2026-02-19
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection. This issue affects XStore: from n/a through <= 9.6.4.
nvd
CVE-2024-33562 | P4 | HIGH | CVSS 7.1 | CWE-79 | ≥ n/a, ≤ 9.3.5 | 2024-04-29
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore allows Reflected XSS. This issue affects XStore: from n/a through 9.3.5.
nvd
CVE-2026-25305 | P4 | MEDIUM | CVSS 6.5 | CWE-79 | ≤ 9.6.4 | 2026-02-19
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows DOM-Based XSS. This issue affects XStore: from n/a through <= 9.6.4.
nvd
CVE-2024-33564 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 9.3.9 | ≥ n/a, ≤ 9.3.8 | 2024-06-09
Missing Authorization vulnerability in 8theme XStore. This issue affects XStore: from n/a through 9.3.8.
nvd