Lucene search
K

49 matches found

RedhatCVE
RedhatCVE
added 2025/10/16 2:44 a.m.14 views

CVE-2025-11746

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theetajaxrequiredpluginspopup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...

8.8CVSS7.1AI score0.00682EPSS
Exploits0References1
NVD
NVD
added 2025/10/15 3:15 a.m.6 views

CVE-2025-11746

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theetajaxrequiredpluginspopup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...

8.8CVSS0.00682EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/15 2:26 a.m.6 views

CVE-2025-11746 XStore | Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theetajaxrequiredpluginspopup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...

8.8CVSS6.8AI score0.00682EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/15 2:26 a.m.9 views

CVE-2025-11746 XStore | Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theetajaxrequiredpluginspopup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...

8.8CVSS0.00682EPSS
Exploits0References2
CVE
CVE
added 2025/10/15 2:26 a.m.19 views

CVE-2025-11746

CVE-2025-11746 is an authenticated Local File Inclusion vulnerability affecting the WordPress XStore/Multi-purpose WooCommerce Theme (versions &lt;= 9.5.4). Exploitation via theet_ajax_required_plugins_popup() enables an attacker with Subscriber+ privileges to include and execute arbitrary PHP co...

8.8CVSS6.8AI score0.00682EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/10/15 12:11 a.m.6 views

WordPress XStore theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion vulnerability

Authenticated Subscriber+ Local File Inclusion vulnerability discovered by khanhhnahk1 in WordPress Theme XStore versions = 9.5.4...

8.8CVSS7AI score0.00682EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/15 12:0 a.m.8 views

PT-2025-42227

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theet ajax required plugins popup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files ...

8.8CVSS7.1AI score0.00682EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/09/26 9:50 a.m.4 views

WordPress XStore theme < 9.6 - Content Injection vulnerability

Content Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme XStore versions 9.6...

5.3CVSS7.2AI score0.00273EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/26 8:31 a.m.3 views

CVE-2025-60100 WordPress XStore theme < 9.6 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through 9.6...

5.3CVSS5.9AI score0.00273EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/26 8:31 a.m.11 views

CVE-2025-60100 WordPress XStore theme < 9.6 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through 9.6...

5.3CVSS0.00273EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/26 12:0 a.m.5 views

WordPress XStore Theme <= 9.5.3 is vulnerable to Content Injection

Software XStore Type Theme Vulnerable versions = 9.5.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2025-60100 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 55131c12c2eb Credits Rafie Muhammad Patchstack Required privilege...

5.3CVSS6.3AI score0.00273EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/09/10 10:5 a.m.7 views

WordPress XStore theme < 9.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme XStore versions 9.6...

6.3CVSS7AI score0.00189EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2024/06/09 12:6 p.m.24 views

CVE-2024-33561 WordPress XStore theme <= 9.3.8 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8...

7.5CVSS0.00434EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/09 12:4 p.m.29 views

CVE-2024-33563 WordPress XStore theme <= 9.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8...

7.6CVSS0.00354EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/05/20 12:0 a.m.343 views

WordPress XStore Theme 9.3.8 SQL Injection

Exploit Title: Wordpress Theme XStore 9.3.8 - SQLi Google Dork: N/A Date: 2024-05-16 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Version: 5.3.5 Tested on: Windows10 CVE: CVE-2024-33559 Poc POST /?s=%27%3B+SELECT++FROM+wpposts%3B+-- HTTP/1.1 Host: example.com User-Agent:...

6.4CVSS7.1AI score0.03553EPSS
Exploits3
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.17 views

XStore < 9.3.9 - Unauthenticated SQLi

Description The theme is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that c...

9.3CVSS9.6AI score0.03553EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.18 views

XStore < 9.3.9 - Reflected Cross-Site Scripting

Description The theme is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

7.1CVSS7.1AI score0.00418EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/25 1:13 p.m.4 views

WordPress XStore theme <= 9.3.8 - Arbitrary Option Update vulnerability

Arbitrary Option Update vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme XStore versions = 9.3.8...

8.8CVSS7AI score0.00323EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/25 1:11 p.m.5 views

WordPress XStore theme <= 9.3.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme XStore versions = 9.3.8...

8.8CVSS7AI score0.00354EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/25 1:9 p.m.5 views

WordPress XStore theme <= 9.3.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme XStore versions = 9.3.8...

7.1CVSS6.1AI score0.00418EPSS
Exploits0Affected Software1
Rows per page
Query Builder