Ghostwire
Home / Vulnerabilities / CVE-2026-3326

CVE-2026-3326: The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL...

HIGH CVSS 7.5

Published: June 10, 2026 | Last Modified: June 10, 2026

Description

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (13 articles)

Tenable CVEs
CVE-2026-3326
 CVE Feed
CVE-2026-3326 - XStore < 9.7.3 - Unauthenticated SQLi
 CVE Feed
CVE-2026-33261 - Null pointer accces in aggressive NSEC(3) cache
 CVE Feed
CVE-2026-33262 - Insufficient validation of cookie reply
 CVE Feed
CVE-2026-33260 - Insufficient input validation of internal webserver
 Tenable CVEs
CVE-2026-33260
 Tenable CVEs
CVE-2026-33262
 Tenable CVEs
CVE-2026-33261
 Tenable CVEs
CVE-2026-33266
 CVE Feed
CVE-2026-33266 - Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt
 Tenable CVEs
CVE-2026-33268
 CVE Feed
CVE-2026-33268 - Nanoleaf Lines unauthenticated firmware file store
 Tenable CVEs
CVE-2026-33265

References