WordPress XStore Core plugin <= 5.3.8 - Unauthenticated Account Takeover vulnerability
CVE-2024-33552

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Xstore Core
Vendor: CVE Published:; 17 May 2024

What is CVE-2024-33552?

The vulnerability identified in XStore Core by 8theme relates to improper privilege management, which allows unauthorized users to potentially escalate their privileges. This can lead to unauthorized access to sensitive data or operations within the application. Affected versions span from the earliest release up to 5.3.8, highlighting the importance of updating to secure user interactions and maintain administrative control.

Affected Version(s)

XStore Core <= 5.3.8

References

https://patchstack.com/database/vulnerability/et-core-plu...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Apr 24, 2024

Credit

Rafie Muhammad (Patchstack)