Lucene search
K
8themeXstore Core

8 matches found

CVE
CVE
added 2024/04/29 7:38 a.m.89 views

CVE-2024-33553

CVE-2024-33553 is a Deserialization of Untrusted Data vulnerability affecting 8theme XStore Core (from n/a to 5.3.5). Root cause: PHP object injection via deserialization of untrusted data. Impact: per sources, high/critical risk with potential full compromise (CIA: High; network vector; no user ...

9.8CVSS5.2AI score0.00576EPSS
CVE
CVE
added 2024/04/29 6:8 a.m.76 views

CVE-2024-33551

CVE-2024-33551 is an SQL Injection in 8theme XStore Core (WordPress plugin). Affected product: XStore Core up to version 5.3.5. Root cause: improper neutralization of special elements used in SQL queries. Impact per sources: potential unauthenticated SQL injection with high impact on confidential...

9.8CVSS5.5AI score0.00614EPSS
CVE
CVE
added 2024/05/17 8:17 a.m.76 views

CVE-2024-33552

CVE-2024-33552 is an Unauthenticated Privilege Escalation in 8theme XStore Core (WordPress plugin). Affected: XStore Core up to version 5.3.8 (reports indicate “from n/a through 5.3.8”). Root cause: improper privilege management enabling escalation. Impact per sources: high confidentiality/integr...

9.8CVSS6.8AI score0.00571EPSS
CVE
CVE
added 2024/05/17 6:12 a.m.73 views

CVE-2024-33556

CVE-2024-33556 involves the WordPress plugin XStore Core (8theme) with an Unrestricted Upload of File with Dangerous Type vulnerability. Affected versions are XStore Core up to 5.3.8 (root note uses “from n/a through 5.3.8”). Connected sources confirm the issue is a file upload vulnerability, ena...

9.8CVSS6.8AI score0.00583EPSS
CVE
CVE
added 2024/06/09 12:7 p.m.61 views

CVE-2024-33555

CVE-2024-33555 (WordPress XStore Core) is documented as a Missing Authorization vulnerability affecting XStore Core up to version 5.3.8. Public sources list affected products as the 8theme XStore Core plugin for WordPress, with remediation guidance indicating upgrading to a version later than 5.3...

8.8CVSS8.1AI score0.00417EPSS
CVE
CVE
added 2024/04/29 8:15 a.m.57 views

CVE-2024-33558

CVE-2024-33558 is listed as a Missing Authorization vulnerability in 8theme XStore Core affecting versions up to 5.3.5. The initial entry notes impact as Missing Authorization; connected documents reference the XStore Core product and its 5.3.5 end of line, but do not provide concrete exploitatio...

6.5CVSS5.1AI score0.00435EPSS
CVE
CVE
added 2024/04/29 5:16 a.m.55 views

CVE-2024-33554

CVE-2024-33554 : Reflected XSS in 8theme XStore Core due to improper input neutralization during web page generation. Affected: XStore Core from n/a up to 5.3.5. Consequences include potential script execution in a victim’s browser when interacting with vulnerable pages. Connected sources (e.g., ...

7.1CVSS5.2AI score0.00421EPSS
CVE
CVE
added 2024/06/04 1:5 p.m.52 views

CVE-2024-33557

CVE-2024-33557 describes a path traversal vulnerability in 8theme XStore Core (WordPress plugin) that enables PHP Local File Inclusion. Affected range: XStore Core from n/a through 5.3.8. The CVSS metrics indicate high impact (C/H, I/H, A/H) with network attack vector and low attack complexity; p...

8.8CVSS8.5AI score0.0056EPSS