XStore Shopping Cart Software Allows Harmful Code Injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

XStore Shopping Cart Software Allows Harmful Code Injection

CVE-2026-25006

Summary

A security issue in XStore shopping cart software allows hackers to inject malicious code into a website, potentially stealing or manipulating customer data. This affects XStore versions up to 9.6.4, so it's essential to update to the latest version. Update XStore to the latest version to patch this vulnerability and protect your site.

Original title

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through <= 9.6.4.

Original description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through <= 9.6.4.

nvd CVSS3.1 5.3

Vulnerability type

CWE-80 Basic XSS

https://patchstack.com/database/Wordpress/Theme/xstore/vulnerability/wordpress-x...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026