Key Information About the Vulnerability Overview Title: WordPress XStore Theme < 9.6 is vulnerable to a medium priority Broken Access Control Priority: Medium CVSS Score: 6.3 Risk This vulnerability is moderately dangerous and can be exploited if not addressed. Solutions 1. Automatically mitigate vulnerabilities and keep your websites safe with Patchstack. 2. Update to version 9.6 or later to resolve the vulnerability. Details Software: XStore Type: Theme Vulnerable Versions: < 9.6 Fixed in: 9.6 Timeline Reported by: Rafie Muhammad (Patchstack) on 11 Aug, 2025 Vulnerability Description A broken access control issue exists due to a lack of proper authorization, authentication, or nonce token checks, allowing unprivileged users to perform higher-privileged actions. Additional Information Patchstack has issued a mitigation rule to block attacks until an update is applied.