Lucene search
K

398 matches found

Nuclei
Nuclei
added yesterday5 views

XStore Theme < 9.7.3 - SQL Injection

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection id: CVE-2026-3326 info: name: XStore Theme 9.7.3 - SQL Injection author: VixianSchool...

8.6CVSS6.1AI score0.00969EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.16 views

CVE-2026-3326

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

8.6CVSS5.6AI score0.00969EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/11 8:12 a.m.13 views

WordPress XStore theme < 9.7.3 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by Ahmed Makawi in WordPress Theme XStore versions 9.7.3...

8.6CVSS5.4AI score0.00969EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/10 7:16 a.m.20 views

CVE-2026-3326

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

8.6CVSS0.00969EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 6:0 a.m.44 views

CVE-2026-3326 XStore < 9.7.3 - Unauthenticated SQLi

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

0.00969EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 6:0 a.m.54 views

CVE-2026-3326

The CVE-2026-3326 entry concerns the XStore WordPress theme (versions before 9.7.3). An unsanitised/Unescaped parameter is used in a SQL statement via an AJAX action that is accessible to unauthenticated users, leading to a SQL injection. This is described across multiple sources in the connected...

8.6CVSS5.6AI score0.00969EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 6:0 a.m.8 views

CVE-2026-3326 XStore < 9.7.3 - Unauthenticated SQLi

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

5.6AI score0.00969EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 6:0 a.m.12 views

EUVD-2026-35985

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

8.6CVSS5.6AI score0.00969EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48386

Name of the Vulnerable Software and Affected Versions Xstore WordPress theme versions prior to 9.7.3 Description An issue exists where a parameter is not properly sanitized and escaped before being used in a SQL statement. This occurs via an AJAX action that is accessible to unauthenticated users...

8.6CVSS6.1AI score0.00969EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

WordPress plugin Xstore SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

8.6CVSS5.7AI score0.00969EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 5:4 p.m.3 views

CVE-2026-25306

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through = 5.6.4...

7.1CVSS5.8AI score0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.6 views

EUVD-2026-15637

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through = 5.6.4...

7.1CVSS5.8AI score0.00184EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.3 views

CVE-2026-25306

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through = 5.6.4...

7.1CVSS0.00184EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.26 views

CVE-2026-25306 WordPress XStore Core plugin <= 5.6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through = 5.6.4...

7.1CVSS0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.5 views

CVE-2026-25306 WordPress XStore Core plugin <= 5.6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through = 5.6.4...

7.1CVSS5.8AI score0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.13 views

CVE-2026-25306

CVE-2026-25306 corresponds to a Reflected XSS in XStore Core et-core-plugin (WordPress). Affected: XStore Core

7.1CVSS5.8AI score0.00184EPSS
In wildExploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-27896

Name of the Vulnerable Software and Affected Versions 8theme XStore Core versions through 5.6.4 Description The 8theme XStore Core et-core-plugin contains a flaw related to improper input handling during web page creation, which allows for Reflected Cross-Site Scripting XSS. This issue could...

7.1CVSS5.9AI score0.00184EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

WordPress plugin XStore Core 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.7AI score0.00184EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/17 11:3 a.m.10 views

WordPress XStore Core plugin <= 5.6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin XStore Core versions = 5.6.4...

7.1CVSS5.8AI score0.00184EPSS
Exploits0Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2026/03/17 12:0 a.m.14 views

VulnCheck KEV: CVE-2026-25306

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through = 5.6.4...

7.1CVSS5.8AI score0.00184EPSS
In wildExploits0References2
Rows per page
Query Builder