8theme XStore WordPress Theme Content Injection Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability allowing code injection has been identified in the 8theme XStore WordPress theme, affecting versions through 9.5.3. This vulnerability arises from improper neutralization of script-related HTML tags, which could enable a malicious actor to inject content into the website's pages and posts. Such an injection could be exploited to introduce phishing pages or other harmful content.

Impact

Exploitation of this vulnerability could lead to unauthorized content injection on the affected WordPress site, potentially allowing for the introduction of phishing pages or other malicious content.

Added: Sep 26, 2025, 10:06 AM

Updated: Sep 26, 2025, 3:34 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.3

exploitability

6.5

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.3

exploitability

6.5

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

8theme XStore WordPress Theme Content Injection Vulnerability

Vulnerability

Impact

Affected Products

8theme XStore

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating