XSTORE core has a lot of vulnerabilities and it affected my database, how to solve this ASAP?

This topic has 3 replies, 2 voices, and was last updated 3 months, 3 weeks ago by Jack Richardson

  • ethashots
    Participant
    August 25, 2024 at 14:16

    I’ve been monitoring my website and have identified several attackers attempting SQL injections to manipulate the user lockout settings. Specifically, they are altering the database lockout time by setting it to 1970.

    I’ve conducted some research and performed vulnerability scans, which revealed the issues outlined below. Please also refer to the attached screenshot for further details. As I’m still in the testing phase of my pre-production environment, these vulnerabilities are preventing me from moving to production.

    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/et-core-plugin/xstore-core-535-unauthenticated-sql-injection

    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/et-core-plugin/xstore-core-535-unauthenticated-privilege-escalation

    2 Answers
    ethashots
    Participant
    August 25, 2024 at 19:51

    Any updates on how to prevent SQL injection, please?

    Jack Richardson
    Support staff
    August 26, 2024 at 10:38

    Hello @ethashots,

    Thank you for reaching out to us.

    Regarding your inquiry about security vulnerabilities in the XSTORE CORE plugin, we have addressed and resolved these issues in the Version 9.3.9 / Core plugin 5.3.9 (Security Update): https://xstore.8theme.com/update-history/. For more details, please read our response here: Security Update on XSTORE CORE (https://www.8theme.com/topic/urgent-vulnerability-in-xstore-is-it-solved/#post-396635).

    Should you have recently updated your theme and core plugin, please allow some time for your CPanel to clear the cache of the vulnerability results. Alternatively, you may contact their support team to expedite the vulnerability check for your website’s theme/core.

    Thank you for your attention to these matters. Should you have any further questions or require additional assistance, please do not hesitate to contact us.

    Best Regards,
    Jack Richardson
    8Theme’s Team
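
Because a scanner can keep reporting cached results after an update, the installed core plugin version can be checked directly against the 5.3.9 security update named in the reply above. This is an added example, not 8Theme's code: it parses the standard WordPress `Version:` plugin header, and the header samples are constructed (the function takes the contents of the plugin's main PHP file, whose location is site-specific).

```python
import re

# Core plugin release the support reply names as the security update.
FIXED_VERSION = "5.3.9"

# WordPress reads plugin headers from the first 8 KB of the main file and
# tolerates comment decoration (" * ", "# ", "// ") before the field name.
_HEADER = re.compile(r"^[ \t/*#@]*Version:(.*)$", re.IGNORECASE | re.MULTILINE)
_NUMERIC = re.compile(r"\d+(\.\d+)*")


def header_version(php_source):
    """Return the raw Version header value, or None if it is absent/empty."""
    match = _HEADER.search(php_source[:8192])
    if not match:
        return None
    return match.group(1).strip() or None


def _key(version, width):
    """Turn '5.3.10' into (5, 3, 10), zero-padded so 5.4 compares as 5.4.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def is_patched(php_source, fixed=FIXED_VERSION):
    """True/False if the version can be compared; None if it cannot be decided.

    Comparison is numeric per component: a plain string compare would rank
    '5.3.10' below '5.3.9' and report a newer release as vulnerable.
    """
    version = header_version(php_source)
    if version is None or not _NUMERIC.fullmatch(version):
        return None  # missing header or suffix such as '-beta': check by hand
    width = max(version.count("."), fixed.count(".")) + 1
    return _key(version, width) >= _key(fixed, width)


def sample_header(version):
    """Constructed plugin header for demonstration; not copied from the plugin."""
    return "<?php\n/**\n * Plugin Name: Example Core Plugin\n * Version: %s\r\n */\n" % version


if __name__ == "__main__":
    for v in ("5.3.5", "5.3.9", "5.3.10", "5.3.9-beta"):
        print(v, "->", is_patched(sample_header(v)))
```

A result of `None` means the version could not be decided automatically and should be checked by hand.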
