SQL Injection Vulnerability in XStore
CVE-2024-33559

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Xstore
Vendor: CVE Published:; 29 April 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An SQL Injection vulnerability exists in the XStore theme developed by 8theme. This security flaw enables an attacker to manipulate SQL queries by using specially crafted input, which can lead to unauthorized data exposure and potentially compromise the entire application. The vulnerability impacts all XStore versions from n/a to 9.3.5, making it crucial for users to apply appropriate security measures to safeguard their WordPress installations.

Affected Version(s)

XStore <= 9.3.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

WordPress-XStore-theme-SQL-Injection
Created by absholi7ly

References

https://patchstack.com/database/vulnerability/xstore/word...

vdb-entry

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

🟡
Public PoC available
May 17, 2024
👾
Exploit known to exist
May 17, 2024
Vulnerability published
Apr 29, 2024

Credit

Rafie Muhammad (Patchstack)