8 matches found
CVE-2024-33553
CVE-2024-33553 is a Deserialization of Untrusted Data vulnerability affecting 8theme XStore Core (from n/a to 5.3.5). Root cause: PHP object injection via deserialization of untrusted data. Impact: per sources, high/critical risk with potential full compromise (CIA: High; network vector; no user ...
CVE-2024-33551
CVE-2024-33551 is an SQL Injection in 8theme XStore Core (WordPress plugin). Affected product: XStore Core up to version 5.3.5. Root cause: improper neutralization of special elements used in SQL queries. Impact per sources: potential unauthenticated SQL injection with high impact on confidential...
CVE-2024-33552
CVE-2024-33552 is an Unauthenticated Privilege Escalation in 8theme XStore Core (WordPress plugin). Affected: XStore Core up to version 5.3.8 (reports indicate “from n/a through 5.3.8”). Root cause: improper privilege management enabling escalation. Impact per sources: high confidentiality/integr...
CVE-2024-33556
CVE-2024-33556 involves the WordPress plugin XStore Core (8theme) with an Unrestricted Upload of File with Dangerous Type vulnerability. Affected versions are XStore Core up to 5.3.8 (root note uses “from n/a through 5.3.8”). Connected sources confirm the issue is a file upload vulnerability, ena...
CVE-2024-33555
CVE-2024-33555 (WordPress XStore Core) is documented as a Missing Authorization vulnerability affecting XStore Core up to version 5.3.8. Public sources list affected products as the 8theme XStore Core plugin for WordPress, with remediation guidance indicating upgrading to a version later than 5.3...
CVE-2024-33558
CVE-2024-33558 is listed as a Missing Authorization vulnerability in 8theme XStore Core affecting versions up to 5.3.5. The initial entry notes impact as Missing Authorization; connected documents reference the XStore Core product and its 5.3.5 end of line, but do not provide concrete exploitatio...
CVE-2024-33554
CVE-2024-33554 : Reflected XSS in 8theme XStore Core due to improper input neutralization during web page generation. Affected: XStore Core from n/a up to 5.3.5. Consequences include potential script execution in a victim’s browser when interacting with vulnerable pages. Connected sources (e.g., ...
CVE-2024-33557
CVE-2024-33557 describes a path traversal vulnerability in 8theme XStore Core (WordPress plugin) that enables PHP Local File Inclusion. Affected range: XStore Core from n/a through 5.3.8. The CVSS metrics indicate high impact (C/H, I/H, A/H) with network attack vector and low attack complexity; p...