CVE-2026-3326

UNKNOWN 0.0

XStore < 9.7.3 - Unauthenticated SQLi

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

Vendor	unknown
Product	xstore
Published	Jun 10, 2026

Stay Ahead of the Next One

Get instant alerts for unknown xstore

Be the first to know when new unknown vulnerabilities affecting unknown xstore are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Xstore

0 < 9.7.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/2c5bdb17-8b12-45b5-878b-627056dc8956/

Credits

Ahmed Makawi WPScan