CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/02/19 12:0 a.m.•5 views

WordPress plugin XStore Core 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

6.5CVSS5.6AI score0.00161EPSS

CNNVD•added 2026/02/19 12:0 a.m.•5 views

WordPress plugin XStore 安全漏洞

5.3CVSS5.9AI score0.00236EPSS

Patchstack•added 2026/01/19 3:45 a.m.•6 views

WordPress XStore Core plugin < 5.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin XStore Core versions 5.7...

6.5CVSS5.4AI score0.00161EPSS

Patchstack•added 2026/01/18 7:37 p.m.•5 views

WordPress XStore theme <= 9.6.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme XStore versions = 9.6.4...

5.3AI score0.00161EPSS

Patchstack•added 2026/01/18 1:22 a.m.•5 views

WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme XStore versions = 9.6.4...

5.5AI score0.00236EPSS

RedhatCVE•added 2026/01/09 10:13 a.m.•6 views

CVE-2019-2561

Vulnerability in the Oracle Retail Xstore Office component of Oracle Retail Applications subcomponent: Internal Operations. Supported versions that are affected are 7.0 and 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reta...

8.2CVSS6.8AI score0.01396EPSS

RedhatCVE•added 2025/12/31 4:9 p.m.•7 views

CVE-2025-64190

NVD•added 2025/12/30 4:15 p.m.•5 views

CVE-2025-64190

6.5CVSS0.0013EPSS

EUVD•added 2025/12/30 4:0 p.m.•3 views

EUVD-2025-205820

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme.Com XStore Core allows DOM-Based XSS.This issue affects XStore Core: from n/a before 5.6...

Cvelist•added 2025/12/30 4:0 p.m.•22 views

Exploits0References2

CVE-2025-64190 WordPress XStore Core plugin < 5.6 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.0013EPSS

CVE•added 2025/12/30 4:0 p.m.•18 views

CVE-2025-64190

CVE-2025-64190: DOM-based XSS in 8theme XStore Core (WordPress plugin) before v5.6 caused by improper neutralization of input during web page generation. Impacts confidentiality/integrity/availability as per XSS descriptions; remediation: upgrade to XStore Core 5.6 or later (no further exploit de...

Vulnrichment•added 2025/12/30 4:0 p.m.•5 views

CVE-2025-64190 WordPress XStore Core plugin < 5.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme.Com XStore Core allows DOM-Based XSS.This issue affects XStore Core: from n/a before 5.6...

6.5CVSS6AI score0.0013EPSS

Patchstack•added 2025/12/30 3:59 p.m.•4 views

WordPress XStore Core plugin < 5.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin XStore Core versions 5.6...

CNNVD•added 2025/12/30 12:0 a.m.•2 views

WordPress plugin XStore Core 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS5.7AI score0.0013EPSS

Positive Technologies•added 2025/12/30 12:0 a.m.•3 views

PT-2025-54188

CVE-2025-64190 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in https://t.co/lXMI5BUDhb XStore Core allows DOM-Based XSS.This issue affects X… https://t.co/HZDZwxB5Qk...

6.5CVSS6.4AI score0.0013EPSS

Exploits0References3

RedhatCVE•added 2025/12/19 7:32 a.m.•3 views

CVE-2025-64192

Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through 9.6...

6.3CVSS7AI score0.00189EPSS

RedhatCVE•added 2025/12/19 7:32 a.m.•3 views

CVE-2025-64189

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through 5.6...

7.1CVSS6.4AI score0.0018EPSS

RedhatCVE•added 2025/12/19 7:32 a.m.•3 views

CVE-2025-64191

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through 9.6.1...

7.1CVSS6.4AI score0.0018EPSS

RedhatCVE•added 2025/12/19 7:32 a.m.•4 views

CVE-2025-64193

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in 8theme XStore xstore allows PHP Local File Inclusion.This issue affects XStore: from n/a through 9.6.1...

7.5CVSS7.1AI score0.00381EPSS