Xstore
This hub aggregates every CVE we track for Xstore, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
13
CVEs tracked
2
Critical
7
High
0
In CISA KEV
Severity distribution
HIGH7MEDIUM4CRITICAL2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
3
0
2
0
0
0
0
2024-072026-06
Latest CVEs
The 13 most recently published vulnerabilities affecting Xstore.
- CVE-2026-25006WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability5.3
- CVE-2026-25305WordPress XStore theme <= 9.6.4 - Cross Site Scripting (XSS) vulnerability6.5
- CVE-2025-64192WordPress XStore theme < 9.6 - Broken Access Control vulnerability6.3
- CVE-2025-64193WordPress XStore theme < 9.6.1 - Local File Inclusion vulnerability7.5
- CVE-2025-64191WordPress XStore theme < 9.6.1 - Cross Site Scripting (XSS) vulnerability7.1
- CVE-2025-11746XStore | Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion8.8
- CVE-2025-60100WordPress XStore theme < 9.6 - Content Injection vulnerability5.3
- CVE-2024-33561WordPress XStore theme <= 9.3.8 - Unauthenticated Broken Access Control vulnerability7.5
- CVE-2024-33563WordPress XStore theme <= 9.3.8 - Broken Access Control vulnerability7.6
- CVE-2024-33564WordPress XStore theme <= 9.3.8 - Arbitrary Option Update vulnerability8.8
- CVE-2024-33560WordPress XStore theme <= 9.3.8 - Unauthenticated Local File Inclusion vulnerability9.0
- CVE-2024-33559WordPress XStore theme <= 9.3.5 - Unauthenticated SQL Injection vulnerability9.3
- CVE-2024-33562WordPress XStore theme <= 9.3.5 - Reflected Cross Site Scripting (XSS) vulnerability7.1
Product normalization is registry-driven with AI assist and human review. How it works