Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Xstore — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in Xstore, with AI-generated Chinese analysis, references, and POCs.

This page is the vulnerability aggregation resource for the XStore product, focusing on software weaknesses and associated security tags. It collects data on a wide variety of vulnerability types, including injection flaws, authentication bypasses, cross-site scripting, and cryptographic failures, covering all disclosed entries from the project’s inception through the current year. The content is structured to allow users to track a vendor's advisories as they are released, understand a specific weakness class by reviewing related reports, and look up a product's vulnerability history to assess long-term security posture and remediation trends. By centralizing these records, the page provides a comprehensive view of how XStore has handled security issues over time. Readers can analyze patterns in reported defects, identify which components have been most frequently affected, and review the timeline of patches and updates. This approach supports security researchers, developers, and system administrators in evaluating the risk profile of the software. The data includes technical details, severity ratings, and references to external databases, ensuring that users have access to necessary context for informed decision-making. Whether investigating a specific incident or conducting a broad review of product security, this resource serves as a centralized repository for historical and current vulnerability information. The aggregation aims to improve transparency and facilitate faster response to emerging threats by making all relevant data easily searchable and accessible within a unified interface.

Vendor: 8theme

CVE IDTitleCVSSSeverityPublished
CVE-2026-3326 XStore < 9.7.3 - Unauthenticated SQLi --2026-06-10
CVE-2026-25305 WordPress XStore theme <= 9.6.4 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2026-02-19
CVE-2026-25006 WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability CWE-80 5.3 Medium2026-02-19
CVE-2025-64193 WordPress XStore theme < 9.6.1 - Local File Inclusion vulnerability CWE-98 7.5 High2025-12-18
CVE-2025-64192 WordPress XStore theme < 9.6 - Broken Access Control vulnerability CWE-862 6.3 Medium2025-12-18
CVE-2025-64191 WordPress XStore theme < 9.6.1 - Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2025-12-18
CVE-2025-11746 XStore | Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion CWE-22 8.8 High2025-10-15
CVE-2025-60100 WordPress XStore theme < 9.6 - Content Injection vulnerability CWE-80 5.3 Medium2025-09-26
CVE-2024-33561 WordPress XStore theme <= 9.3.8 - Unauthenticated Broken Access Control vulnerability CWE-862 7.5 High2024-06-09
CVE-2024-33563 WordPress XStore theme <= 9.3.8 - Broken Access Control vulnerability CWE-862 7.6 High2024-06-09
CVE-2024-33564 WordPress XStore theme <= 9.3.8 - Arbitrary Option Update vulnerability CWE-862 8.8 High2024-06-09
CVE-2024-33560 WordPress XStore theme <= 9.3.8 - Unauthenticated Local File Inclusion vulnerability CWE-22 9.0 Critical2024-06-04
CVE-2024-33559 WordPress XStore theme <= 9.3.5 - Unauthenticated SQL Injection vulnerability CWE-89 9.3 Critical2024-04-29
CVE-2024-33562 WordPress XStore theme <= 9.3.5 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-04-29

All 14 known CVE vulnerabilities affecting Xstore with full Chinese analysis, references, and POCs where available.