Path Traversal Vulnerability in XStore Allows PHP Local File Inclusion
CVE-2024-33560
9 CRITICAL
Summary
The XStore theme by 8theme contains an improper limitation of a pathname to a restricted directory, commonly called a path traversal issue. The flaw lies in how file paths are handled and can lead to PHP local file inclusion. As a result, unauthorized users could gain access to sensitive files within the web server's filesystem, posing significant risks to the integrity and confidentiality of the application's data. The vulnerability affects XStore versions up to and including 9.3.8, so users should address it promptly.
Affected Version(s)
XStore <= 9.3.8
CVSS V3.1
Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)