Remote File Inclusion Vulnerability in 8theme XStore Theme
CVE-2025-64193

Currently unrated

Key Information:

Vendor

WordPress
Status
Xstore
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64193?

A vulnerability exists in the 8theme XStore theme that allows for improper control of filename inclusion. This flaw exposes the application to Local File Inclusion attacks, enabling an attacker to potentially execute arbitrary code by including files from the server or remote locations. The issue affects XStore versions from n/a through less than 9.6.1, necessitating prompt updates to mitigate risks and enhance security.

Affected Version(s)

XStore <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/xstor...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)
JSON
.
CVE-2025-64193 : Remote File Inclusion Vulnerability in 8theme XStore Theme