← back
CVE-2024-33559

WordPress XStore theme <= 9.3.5 - Unauthenticated SQL Injection vulnerability

CVSS 9.3 CRITICALEPSS 3.6%CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Affected products
8theme · XStore
public PoCs found2
githubgithub.com/absholi7ly/WordPress-XStore-theme-SQL-Injection9exploitdbwww.exploit-db.com/exploits/52019unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://patchstack.com/database/vulnerability/xstore/wordpress-xstore-theme-9-3-5-unauthenticated-sql-injection-vulnerability?_s_id=cve