XStore Core — Vulnerabilities & Security Advisories 12

All 12 CVE vulnerabilities found in XStore Core, with AI-generated Chinese analysis, references, and POCs.

Vendor: 8theme

CVE ID	Title	CVSS	Severity	Published
CVE-2026-25306	WordPress XStore Core plugin <= 5.6.4 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79	7.1	High	2026-03-25
CVE-2026-25307	WordPress XStore Core plugin < 5.7 - Cross Site Scripting (XSS) vulnerability CWE-79	6.5	Medium	2026-02-19
CVE-2025-64190	WordPress XStore Core plugin < 5.6 - Cross Site Scripting (XSS) vulnerability CWE-79	6.5	Medium	2025-12-30
CVE-2025-64189	WordPress XStore Core plugin < 5.6 - Cross Site Scripting (XSS) vulnerability CWE-79	7.1	High	2025-12-18
CVE-2024-33555	WordPress XStore Core plugin <= 5.3.8 - Multiple Authenticated Broken Access Control vulnerability CWE-862	8.1	High	2024-06-09
CVE-2024-33557	WordPress XStore Core plugin <= 5.3.8 - Local File Inclusion vulnerability CWE-22	8.5	High	2024-06-04
CVE-2024-33552	WordPress XStore Core plugin <= 5.3.8 - Unauthenticated Account Takeover vulnerability CWE-269	9.8	Critical	2024-05-17
CVE-2024-33556	WordPress XStore Core plugin <= 5.3.8 - Limited Arbitrary File Upload vulnerability CWE-434	8.2	High	2024-05-17
CVE-2024-33558	WordPress XStore Core plugin <= 5.3.5 - Limited Arbitrary File Download vulnerability CWE-862	6.5	Medium	2024-04-29
CVE-2024-33553	WordPress XStore Core plugin <= 5.3.5 - Unauthenticated PHP Object Injection vulnerability CWE-502	9.0	Critical	2024-04-29
CVE-2024-33551	WordPress XStore Core plugin <= 5.3.5 - Unauthenticated SQL Injection vulnerability CWE-89	9.3	Critical	2024-04-29
CVE-2024-33554	WordPress XStore Core plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79	7.1	High	2024-04-29

All 12 known CVE vulnerabilities affecting XStore Core with full Chinese analysis, references, and POCs where available.