CVE-2024-33551
CRITICAL EXPLOITED8theme XStore Core <= 5.3.5 - Unauthenticated SQL Injection
Title source: llmExploitation Summary
CVE-2024-33551 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore Core allows SQL Injection.This issue affects XStore Core: from n/a through 5.3.5.
References (1)
Core 1
Core References
Scores
CVSS v3
9.3
EPSS
0.0061
EPSS Percentile
45.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
VulnCheck KEV
2024-04-25
CWE
CWE-89
Status
published
Products (2)
8theme/XStore Core
< 5.3.5
8theme/xstore_core
< 5.3.9
Published
Apr 29, 2024
Tracked Since
Feb 18, 2026