Lucene search
K

50 matches found

Nuclei
Nuclei
added yesterday5 views

XStore Theme < 9.7.3 - SQL Injection

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection id: CVE-2026-3326 info: name: XStore Theme 9.7.3 - SQL Injection author: VixianSchool...

8.6CVSS6.1AI score0.00969EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.16 views

CVE-2026-3326

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

8.6CVSS5.6AI score0.00969EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/11 8:12 a.m.13 views

WordPress XStore theme < 9.7.3 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by Ahmed Makawi in WordPress Theme XStore versions 9.7.3...

8.6CVSS5.4AI score0.00969EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/10 7:16 a.m.20 views

CVE-2026-3326

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

8.6CVSS0.00969EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 6:0 a.m.54 views

CVE-2026-3326

The CVE-2026-3326 entry concerns the XStore WordPress theme (versions before 9.7.3). An unsanitised/Unescaped parameter is used in a SQL statement via an AJAX action that is accessible to unauthenticated users, leading to a SQL injection. This is described across multiple sources in the connected...

8.6CVSS5.6AI score0.00969EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 6:0 a.m.8 views

CVE-2026-3326 XStore < 9.7.3 - Unauthenticated SQLi

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

5.6AI score0.00969EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48386

Name of the Vulnerable Software and Affected Versions Xstore WordPress theme versions prior to 9.7.3 Description An issue exists where a parameter is not properly sanitized and escaped before being used in a SQL statement. This occurs via an AJAX action that is accessible to unauthenticated users...

8.6CVSS6.1AI score0.00969EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/02/19 8:26 a.m.3 views

CVE-2026-25305 WordPress XStore theme <= 9.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affects XStore: from n/a through = 9.6.4...

5.9AI score0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:26 a.m.3 views

CVE-2026-25006 WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through = 9.6.4...

5.3CVSS6AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:26 a.m.11 views

CVE-2026-25305

The CVE CVE-2026-25305 concerns the 8theme WordPress XStore theme (xstore) with versions up to and including 9.6.4. It is a DOM-based Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. The issue affects XStore and can lead to client-sid...

6.5CVSS5.4AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 8:26 a.m.30 views

CVE-2026-25305 WordPress XStore theme <= 9.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affects XStore: from n/a through = 9.6.4...

6.5CVSS0.00161EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/18 7:37 p.m.9 views

WordPress XStore theme <= 9.6.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme XStore versions = 9.6.4...

5.3AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/18 1:22 a.m.9 views

WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme XStore versions = 9.6.4...

5.5AI score0.00236EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/12/18 9:30 a.m.5 views

EUVD-2025-204087

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in 8theme XStore xstore allows PHP Local File Inclusion.This issue affects XStore: from n/a through 9.6.1...

7.5CVSS6.6AI score0.00381EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/18 7:22 a.m.2 views

CVE-2025-64191 WordPress XStore theme < 9.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through 9.6.1...

7.1CVSS6AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 7:22 a.m.1 views

CVE-2025-64193 WordPress XStore theme < 9.6.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in 8theme XStore xstore allows PHP Local File Inclusion.This issue affects XStore: from n/a through 9.6.1...

7.5CVSS5.9AI score0.00381EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.35 views

CVE-2025-64192 WordPress XStore theme < 9.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through 9.6...

6.3CVSS0.00189EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 7:22 a.m.2 views

CVE-2025-64192 WordPress XStore theme < 9.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through 9.6...

6.3CVSS6.6AI score0.00189EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:22 a.m.16 views

CVE-2025-64193

CVE-2025-64193 affects WordPress XStore plugin vulnerabilities: an improper control of filenames for PHP include/require leads to Local File Inclusion in XStore versions prior to 9.6.1. The issue is described as a PHP Remote File Inclusion-type flaw that enables LFI within the XStore code path. A...

7.5CVSS6.7AI score0.00381EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.36 views

CVE-2025-64191 WordPress XStore theme < 9.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through 9.6.1...

7.1CVSS0.0018EPSS
Exploits0References1
Rows per page
Query Builder