cbcvebase.

8Theme Xstore Core vulnerabilities

12 known vulnerabilities affecting 8theme/xstore_core.

Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
4
Severity breakdown
CRITICAL4HIGH4MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2024-33552P1CRITICALCVSS 9.8Exploitedfixed in 5.3.9≥ n/a, ≤ 5.3.82024-05-17
CVE-2024-33552 [CRITICAL] CWE-269 CVE-2024-33552: Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This i Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8.
nvd
CVE-2024-33551P2CRITICALCVSS 9.8Exploitedfixed in 5.3.9≥ n/a, ≤ 5.3.52024-04-29
CVE-2024-33551 [CRITICAL] CWE-89 CVE-2024-33551: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore Core allows SQL Injection.This issue affects XStore Core: from n/a through 5.3.5.
nvd
CVE-2024-33553P2CRITICALCVSS 9.8Exploitedfixed in 5.3.9≥ n/a, ≤ 5.3.52024-04-29
CVE-2024-33553 [CRITICAL] CWE-502 CVE-2024-33553: Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore Core Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5.
nvd
CVE-2026-25306P2HIGHCVSS 7.1Exploited≤ 5.6.42026-03-25
CVE-2026-25306 [HIGH] CWE-79 CVE-2026-25306: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through <= 5.6.4.
nvd
CVE-2024-33556P2CRITICALCVSS 9.8fixed in 5.3.9≥ n/a, ≤ 5.3.82024-05-17
CVE-2024-33556 [CRITICAL] CWE-434 CVE-2024-33556: Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core.This issue affec Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8.
nvd
CVE-2024-33557P3HIGHCVSS 8.8fixed in 5.3.9≥ n/a, ≤ 5.3.82024-06-04
CVE-2024-33557 [HIGH] CWE-22 CVE-2024-33557: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8the Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore Core allows PHP Local File Inclusion.This issue affects XStore Core: from n/a through 5.3.8.
nvd
CVE-2024-33555P3HIGHCVSS 8.8fixed in 5.3.9≥ n/a, ≤ 5.3.82024-06-09
CVE-2024-33555 [HIGH] CWE-862 CVE-2024-33555: Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a t Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8.
nvd
CVE-2024-33558P3MEDIUMCVSS 6.5fixed in 5.3.9≥ n/a, ≤ 5.3.52024-04-29
CVE-2024-33558 [MEDIUM] CWE-862 CVE-2024-33558: Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a t Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5.
nvd
CVE-2025-64189P4HIGHCVSS 7.1≤ 5.62025-12-18
CVE-2025-64189 [HIGH] CWE-79 CVE-2025-64189: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through < 5.6.
nvd
CVE-2026-25307P4MEDIUMCVSS 6.5≤ 5.72026-02-19
CVE-2026-25307 [MEDIUM] CWE-79 CVE-2026-25307: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.7.
nvd
CVE-2025-64190P4MEDIUMCVSS 6.5≤ 5.62025-12-30
CVE-2025-64190 [MEDIUM] CWE-79 CVE-2025-64190: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.6.
nvd
CVE-2024-33554P4MEDIUMCVSS 6.1fixed in 5.3.9≥ n/a, ≤ 5.3.52024-04-29
CVE-2024-33554 [MEDIUM] CWE-79 CVE-2024-33554: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core allows Reflected XSS.This issue affects XStore Core: from n/a through 5.3.5.
nvd
8Theme Xstore Core vulnerabilities | cvebase