8theme Xstore Core
12 CVEs affecting 8theme Xstore Core. Latest disclosed: 2026-03-25. Critical: 3, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-33552 | Critical | 9.8 | 2024-05-17 | Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8. |
CVE-2024-33551 | Critical | 9.3 | 2024-04-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore Core allows SQL Injection.This issue affect… |
CVE-2024-33553 | Critical | 9.0 | 2024-04-29 | Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5. |
CVE-2024-33557 | High | 8.5 | 2024-06-04 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore Core allows PHP Local File Inclusion.This issue a… |
CVE-2024-33556 | High | 8.2 | 2024-05-17 | Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8. |
CVE-2024-33555 | High | 8.1 | 2024-06-09 | Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8. |
CVE-2026-25306 | High | 7.1 | 2026-03-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.Th… |
CVE-2025-64189 | High | 7.1 | 2025-12-18 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.Th… |
CVE-2024-33554 | High | 7.1 | 2024-04-29 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core allows Reflected XSS.This issue affect… |
CVE-2026-25307 | Medium | 6.5 | 2026-02-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.Th… |
CVE-2025-64190 | Medium | 6.5 | 2025-12-30 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.Th… |
CVE-2024-33558 | Medium | 6.5 | 2024-04-29 | Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5. |