CVE-2026-25305 WordPress XStore theme <= 9.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affects XStore: from n/a through = 9.6.4...

CVE-2026-25305

The CVE CVE-2026-25305 concerns the 8theme WordPress XStore theme (xstore) with versions up to and including 9.6.4. It is a DOM-based Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. The issue affects XStore and can lead to client-sid...

CVE-2026-25006 WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through = 9.6.4...

CVE-2026-25305 WordPress XStore theme <= 9.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affects XStore: from n/a through = 9.6.4...

WordPress XStore theme <= 9.6.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme XStore versions = 9.6.4...

WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme XStore versions = 9.6.4...

EUVD-2025-204087

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in 8theme XStore xstore allows PHP Local File Inclusion.This issue affects XStore: from n/a through 9.6.1...

CVE-2025-64193

CVE-2025-64193 affects WordPress XStore plugin vulnerabilities: an improper control of filenames for PHP include/require leads to Local File Inclusion in XStore versions prior to 9.6.1. The issue is described as a PHP Remote File Inclusion-type flaw that enables LFI within the XStore code path. A...

CVE-2025-64192

CVE-2025-64192 affects the WordPress XStore theme (XStore) with versions prior to 9.6. The issue is a Missing Authorization vulnerability caused by broken access control, allowing exploitation due to improperly configured access levels. Public documentation in the connected sources confirms the i...

CVE-2025-64191 WordPress XStore theme < 9.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through 9.6.1...

CVE-2025-64192 WordPress XStore theme < 9.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through 9.6...

CVE-2025-64191 WordPress XStore theme < 9.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through 9.6.1...

CVE-2025-64193 WordPress XStore theme < 9.6.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in 8theme XStore xstore allows PHP Local File Inclusion.This issue affects XStore: from n/a through 9.6.1...

CVE-2025-64192 WordPress XStore theme < 9.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through 9.6...

CVE-2025-11746

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theetajaxrequiredpluginspopup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...

CVE-2025-11746

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theetajaxrequiredpluginspopup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...

CVE-2025-11746 XStore | Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theetajaxrequiredpluginspopup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...

CVE-2025-11746

CVE-2025-11746 is an authenticated Local File Inclusion vulnerability affecting the WordPress XStore/Multi-purpose WooCommerce Theme (versions &lt;= 9.5.4). Exploitation via theet_ajax_required_plugins_popup() enables an attacker with Subscriber+ privileges to include and execute arbitrary PHP co...

CVE-2025-11746 XStore | Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theetajaxrequiredpluginspopup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...

WordPress XStore theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion vulnerability

Authenticated Subscriber+ Local File Inclusion vulnerability discovered by khanhhnahk1 in WordPress Theme XStore versions = 9.5.4...