XStore — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in XStore, with AI-generated Chinese analysis, references, and POCs.

Vendor: 8theme

CVE ID	Title	CVSS	Severity	Published
CVE-2026-25305	WordPress XStore theme <= 9.6.4 - Cross Site Scripting (XSS) vulnerability CWE-79	6.1^AI	Medium^AI	2026-02-19
CVE-2026-25006	WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability CWE-80	5.3	Medium	2026-02-19
CVE-2025-64193	WordPress XStore theme < 9.6.1 - Local File Inclusion vulnerability CWE-98	9.1^AI	Critical^AI	2025-12-18
CVE-2025-64192	WordPress XStore theme < 9.6 - Broken Access Control vulnerability CWE-862	8.1^AI	High^AI	2025-12-18
CVE-2025-64191	WordPress XStore theme < 9.6.1 - Cross Site Scripting (XSS) vulnerability CWE-79	6.1^AI	Medium^AI	2025-12-18
CVE-2025-11746	XStore \| Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion CWE-22	8.8	High	2025-10-15
CVE-2025-60100	WordPress XStore theme < 9.6 - Content Injection vulnerability CWE-80	5.3	Medium	2025-09-26
CVE-2024-33561	WordPress XStore theme <= 9.3.8 - Unauthenticated Broken Access Control vulnerability CWE-862	7.5	High	2024-06-09
CVE-2024-33563	WordPress XStore theme <= 9.3.8 - Broken Access Control vulnerability CWE-862	7.6	High	2024-06-09
CVE-2024-33564	WordPress XStore theme <= 9.3.8 - Arbitrary Option Update vulnerability CWE-862	8.8	High	2024-06-09
CVE-2024-33560	WordPress XStore theme <= 9.3.8 - Unauthenticated Local File Inclusion vulnerability CWE-22	9.0	Critical	2024-06-04
CVE-2024-33559	WordPress XStore theme <= 9.3.5 - Unauthenticated SQL Injection vulnerability CWE-89	9.3	Critical	2024-04-29
CVE-2024-33562	WordPress XStore theme <= 9.3.5 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79	7.1	High	2024-04-29

All 13 known CVE vulnerabilities affecting XStore with full Chinese analysis, references, and POCs where available.