8theme

Xstore

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-25006

  • EPSS 0.24%
  • Veröffentlicht 19.02.2026 08:26:52
  • Zuletzt bearbeitet 27.04.2026 21:16:26

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through <= 9.6.4.

6.5

CVE-2026-25305

  • EPSS 0.16%
  • Veröffentlicht 19.02.2026 08:26:52
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affects XStore: from n/a through <= 9.6.4.

6.5

CVE-2025-64190

  • EPSS 0.13%
  • Veröffentlicht 30.12.2025 16:00:52
  • Zuletzt bearbeitet 23.04.2026 15:35:03

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.6.

7.1

CVE-2025-64191

  • EPSS 0.18%
  • Veröffentlicht 18.12.2025 07:22:10
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through < 9.6.1.

6.3

CVE-2025-64192

  • EPSS 0.19%
  • Veröffentlicht 18.12.2025 07:22:10
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through < 9.6.

7.5

CVE-2025-64193

  • EPSS 0.38%
  • Veröffentlicht 18.12.2025 07:22:10
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in 8theme XStore xstore allows PHP Local File Inclusion.This issue affects XStore: from n/a through < 9.6.1.

8.8

CVE-2025-11746

  • EPSS 0.68%
  • Veröffentlicht 15.10.2025 02:26:27
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theet_ajax_required_plugins_popup() function. This makes it possible for authenticated attackers, with Subscriber-level access and ab...

5.3

CVE-2025-60100

  • EPSS 0.27%
  • Veröffentlicht 26.09.2025 09:15:35
  • Zuletzt bearbeitet 23.04.2026 15:34:13

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through < 9.6.

4.3

CVE-2024-33564

  • EPSS 0.32%
  • Veröffentlicht 09.06.2024 12:15:13
  • Zuletzt bearbeitet 21.11.2024 09:17:09

Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.

9.8

CVE-2024-33561

  • EPSS 0.43%
  • Veröffentlicht 09.06.2024 12:15:12
  • Zuletzt bearbeitet 21.11.2024 09:17:09

Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.