CVE-2024-33559

Name of the Vulnerable Software and Affected Versions: 8theme XStore versions n/a through 9.3.5

Description: The issue is related to improper neutralization of special elements used in an SQL command, which allows SQL injection. This can enable a remote attacker to execute arbitrary SQL queries to the database.

Recommendations: For versions n/a through 9.3.5, update to a version later than 9.3.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries until a patch is available. Avoid using user-supplied input in SQL queries to minimize the risk of exploitation.