PatchSiren

Xstore CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Xstore CVE published 2026-06-10

CVE-2026-3326

A SQL injection vulnerability was discovered in the Xstore WordPress theme prior to version 9.7.3. A parameter used in a SQL statement is not properly sanitized and escaped, and the statement is reachable through an AJAX action accessible to unauthenticated users.