8theme — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting 8theme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

8theme operates as a prominent provider of WordPress themes and plugins, primarily serving small to medium-sized businesses seeking customizable website templates. Its extensive product portfolio has historically attracted significant security scrutiny, resulting in twenty-five recorded Common Vulnerabilities and Exposures (CVEs). The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from inadequate input validation and insufficient sanitization of user-supplied data within plugin functionalities. Additionally, issues related to broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate site settings or execute malicious scripts. While the company generally responds to reported patches, the high volume of disclosed flaws highlights systemic challenges in maintaining secure code quality across its diverse ecosystem. These recurring incidents underscore the critical importance of rigorous security auditing for widely deployed third-party WordPress extensions.

Top products by 8theme: XStore, XStore Core

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-25306 | WordPress XStore Core plugin <= 5.6.4 - Reflected Cross Site Scripting (XSS) vulnerability — XStore Core | CWE-79 | 7.1 | High | 2026-03-25 |
| CVE-2026-25307 | WordPress XStore Core plugin < 5.7 - Cross Site Scripting (XSS) vulnerability — XStore Core | CWE-79 | 6.5 | Medium | 2026-02-19 |
| CVE-2026-25305 | WordPress XStore theme <= 9.6.4 - Cross Site Scripting (XSS) vulnerability — XStore | CWE-79 | 6.5 | Medium | 2026-02-19 |
| CVE-2026-25006 | WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability — XStore | CWE-80 | 5.3 | Medium | 2026-02-19 |
| CVE-2025-64190 | WordPress XStore Core plugin < 5.6 - Cross Site Scripting (XSS) vulnerability — XStore Core | CWE-79 | 6.5 | Medium | 2025-12-30 |
| CVE-2025-64192 | WordPress XStore theme < 9.6 - Broken Access Control vulnerability — XStore | CWE-862 | 6.3 | Medium | 2025-12-18 |
| CVE-2025-64193 | WordPress XStore theme < 9.6.1 - Local File Inclusion vulnerability — XStore | CWE-98 | 7.5 | High | 2025-12-18 |
| CVE-2025-64189 | WordPress XStore Core plugin < 5.6 - Cross Site Scripting (XSS) vulnerability — XStore Core | CWE-79 | 7.1 | High | 2025-12-18 |
| CVE-2025-64191 | WordPress XStore theme < 9.6.1 - Cross Site Scripting (XSS) vulnerability — XStore | CWE-79 | 7.1 | High | 2025-12-18 |
| CVE-2025-11746 | XStore \| Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion — XStore | CWE-22 | 8.8 | High | 2025-10-15 |
| CVE-2025-60100 | WordPress XStore theme < 9.6 - Content Injection vulnerability — XStore | CWE-80 | 5.3 | Medium | 2025-09-26 |
| CVE-2024-33555 | WordPress XStore Core plugin <= 5.3.8 - Multiple Authenticated Broken Access Control vulnerability — XStore Core | CWE-862 | 8.1 | High | 2024-06-09 |
| CVE-2024-33561 | WordPress XStore theme <= 9.3.8 - Unauthenticated Broken Access Control vulnerability — XStore | CWE-862 | 7.5 | High | 2024-06-09 |
| CVE-2024-33563 | WordPress XStore theme <= 9.3.8 - Broken Access Control vulnerability — XStore | CWE-862 | 7.6 | High | 2024-06-09 |
| CVE-2024-33564 | WordPress XStore theme <= 9.3.8 - Arbitrary Option Update vulnerability — XStore | CWE-862 | 8.8 | High | 2024-06-09 |
| CVE-2024-33560 | WordPress XStore theme <= 9.3.8 - Unauthenticated Local File Inclusion vulnerability — XStore | CWE-22 | 9.0 | Critical | 2024-06-04 |
| CVE-2024-33557 | WordPress XStore Core plugin <= 5.3.8 - Local File Inclusion vulnerability — XStore Core | CWE-22 | 8.5 | High | 2024-06-04 |
| CVE-2024-33552 | WordPress XStore Core plugin <= 5.3.8 - Unauthenticated Account Takeover vulnerability — XStore Core | CWE-269 | 9.8 | Critical | 2024-05-17 |
| CVE-2024-33556 | WordPress XStore Core plugin <= 5.3.8 - Limited Arbitrary File Upload vulnerability — XStore Core | CWE-434 | 8.2 | High | 2024-05-17 |
| CVE-2024-33558 | WordPress XStore Core plugin <= 5.3.5 - Limited Arbitrary File Download vulnerability — XStore Core | CWE-862 | 6.5 | Medium | 2024-04-29 |
| CVE-2024-33553 | WordPress XStore Core plugin <= 5.3.5 - Unauthenticated PHP Object Injection vulnerability — XStore Core | CWE-502 | 9.0 | Critical | 2024-04-29 |
| CVE-2024-33551 | WordPress XStore Core plugin <= 5.3.5 - Unauthenticated SQL Injection vulnerability — XStore Core | CWE-89 | 9.3 | Critical | 2024-04-29 |
| CVE-2024-33559 | WordPress XStore theme <= 9.3.5 - Unauthenticated SQL Injection vulnerability — XStore | CWE-89 | 9.3 | Critical | 2024-04-29 |
| CVE-2024-33554 | WordPress XStore Core plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability — XStore Core | CWE-79 | 7.1 | High | 2024-04-29 |
| CVE-2024-33562 | WordPress XStore theme <= 9.3.5 - Reflected Cross Site Scripting (XSS) vulnerability — XStore | CWE-79 | 7.1 | High | 2024-04-29 |

This page lists every published CVE security advisory associated with 8theme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.