8theme

Xstore

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-25006

  • EPSS 0.05%
  • Veröffentlicht 19.02.2026 08:26:52
  • Zuletzt bearbeitet 27.02.2026 17:16:30

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through <= 9.6.4.

6.5

CVE-2026-25305

  • EPSS 0.03%
  • Veröffentlicht 19.02.2026 08:26:52
  • Zuletzt bearbeitet 27.02.2026 17:16:31

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affects XStore: from n/a through <= 9.6.4.

6.5

CVE-2025-64190

  • EPSS 0.04%
  • Veröffentlicht 30.12.2025 16:00:52
  • Zuletzt bearbeitet 20.01.2026 15:18:41

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme.Com XStore Core allows DOM-Based XSS.This issue affects XStore Core: from n/a before 5.6.

7.1

CVE-2025-64191

  • EPSS 0.05%
  • Veröffentlicht 18.12.2025 07:22:10
  • Zuletzt bearbeitet 20.01.2026 15:18:41

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through < 9.6.1.

6.3

CVE-2025-64192

  • EPSS 0.05%
  • Veröffentlicht 18.12.2025 07:22:10
  • Zuletzt bearbeitet 20.01.2026 15:18:41

Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through < 9.6.

7.5

CVE-2025-64193

  • EPSS 0.17%
  • Veröffentlicht 18.12.2025 07:22:10
  • Zuletzt bearbeitet 20.01.2026 15:18:41

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in 8theme XStore xstore allows PHP Local File Inclusion.This issue affects XStore: from n/a through < 9.6.1.

8.8

CVE-2025-11746

  • EPSS 0.19%
  • Veröffentlicht 15.10.2025 02:26:27
  • Zuletzt bearbeitet 16.10.2025 15:29:11

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theet_ajax_required_plugins_popup() function. This makes it possible for authenticated attackers, with Subscriber-level access and ab...

5.3

CVE-2025-60100

  • EPSS 0.04%
  • Veröffentlicht 26.09.2025 09:15:35
  • Zuletzt bearbeitet 26.09.2025 14:32:19

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore allows Code Injection. This issue affects XStore: from n/a through 9.5.3.

4.3

CVE-2024-33564

  • EPSS 0.24%
  • Veröffentlicht 09.06.2024 12:15:13
  • Zuletzt bearbeitet 21.11.2024 09:17:09

Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.

9.8

CVE-2024-33561

  • EPSS 0.49%
  • Veröffentlicht 09.06.2024 12:15:12
  • Zuletzt bearbeitet 21.11.2024 09:17:09

Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.