8theme Xstore
13 CVEs affecting 8theme Xstore. Latest disclosed: 2026-02-19. Critical: 2, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-33559 | Critical | 9.3 | 2024-04-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XSt… |
CVE-2024-33560 | Critical | 9.0 | 2024-06-04 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore allows PHP Local File Inclusion.This issue affect… |
CVE-2025-11746 | High | 8.8 | 2025-10-15 | The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theet_ajax_required_plugins_popup() functi… |
CVE-2024-33564 | High | 8.8 | 2024-06-09 | Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8. |
CVE-2024-33563 | High | 7.6 | 2024-06-09 | Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8. |
CVE-2025-64193 | High | 7.5 | 2025-12-18 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in 8theme XStore xstore allows PHP Local… |
CVE-2024-33561 | High | 7.5 | 2024-06-09 | Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8. |
CVE-2025-64191 | High | 7.1 | 2025-12-18 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affe… |
CVE-2024-33562 | High | 7.1 | 2024-04-29 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore allows Reflected XSS.This issue affects XSt… |
CVE-2026-25305 | Medium | 6.5 | 2026-02-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affe… |
CVE-2025-64192 | Medium | 6.3 | 2025-12-18 | Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore… |
CVE-2026-25006 | Medium | 5.3 | 2026-02-19 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XS… |
CVE-2025-60100 | Medium | 5.3 | 2025-09-26 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XS… |