CVE-2024-33551

Name of the Vulnerable Software and Affected Versions 8theme XStore Core versions from n/a through 5.3.5

Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL injection, potentially enabling access to database commands. A proof of concept (POC) demonstrates the vulnerability using a POST request to the / endpoint with a malicious SQL query. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For 8theme XStore Core versions from n/a through 5.3.5, update to a version later than 5.3.5 to resolve the issue. As a temporary workaround, consider restricting access to the / endpoint to minimize the risk of exploitation. Avoid using user-input data in SQL queries until the issue is resolved. At the moment, there is no additional information about other mitigation measures.