8theme Xstore

13 CVEs affecting 8theme Xstore. Latest disclosed: 2026-02-19. Critical: 2, High: 7.

Top CVEs affecting 8theme Xstore
CVESeverityScorePublishedSummary
CVE-2024-33559Critical9.32024-04-29Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XSt…
CVE-2024-33560Critical9.02024-06-04Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore allows PHP Local File Inclusion.This issue affect…
CVE-2025-11746High8.82025-10-15The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theet_ajax_required_plugins_popup() functi…
CVE-2024-33564High8.82024-06-09Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.
CVE-2024-33563High7.62024-06-09Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.
CVE-2025-64193High7.52025-12-18Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in 8theme XStore xstore allows PHP Local…
CVE-2024-33561High7.52024-06-09Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.
CVE-2025-64191High7.12025-12-18Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affe…
CVE-2024-33562High7.12024-04-29Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore allows Reflected XSS.This issue affects XSt…
CVE-2026-25305Medium6.52026-02-19Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affe…
CVE-2025-64192Medium6.32025-12-18Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore…
CVE-2026-25006Medium5.32026-02-19Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XS…
CVE-2025-60100Medium5.32025-09-26Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XS…