Return to previous page

XSTORE core has alot of vulnerabilities and it affected my database, how to solve this ASAP?

This topic has 3 replies, 2 voices, and was last updated 2 months, 3 weeks ago ago by Jack Richardson

  • Avatar: ethashots
    ethashots
    Participant
    August 25, 2024 at 14:16

    I’ve been monitoring my website and have identified several attackers attempting SQL injections to manipulate the user lockout settings. Specifically, they are altering the database lockout time by setting it to 1970.

    I’ve conducted some research and performed vulnerability scans, which revealed the issues outlined below. Please also refer to the attached screenshot for further details. As I’m still in the testing phase of my pre-production environment, these vulnerabilities are preventing me from moving to production.

    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/et-core-plugin/xstore-core-535-unauthenticated-sql-injection

    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/et-core-plugin/xstore-core-535-unauthenticated-privilege-escalation

    #411541 Copied Theme version: 9.3.17
    2 Answers
    Avatar: ethashots
    ethashots
    Participant
    August 25, 2024 at 19:51

    any updates how to prevent sql injection please ?

    #411563 Copied
    Avatar: Jack Richardson
    Jack Richardson
    Support staff
    August 26, 2024 at 10:38

    Hello @ethashots,

    Thank you for reaching out to us.

    Regarding your inquiry about security vulnerabilities in the XSTORE CORE plugin, we have addressed and resolved these issues in the Version 9.3.9 / Core plugin 5.3.9 (Security Update) https://xstore.8theme.com/update-history/. For more details, please read our response here: [Security Update on XSTORE CORE]https://www.8theme.com/topic/urgent-vulnerability-in-xstore-is-it-solved/#post-396635.

    Should you have recently updated your theme and core plugin, please allow some time for your CPanel to clear the cache of the vulnerability results. Alternatively, you may contact their support team to expedite the vulnerability check for your website’s theme/core.

    Thank you for your attention to these matters. Should you have any further questions or require additional assistance, please do not hesitate to contact us.

    Best Regards,
    Jack Richardson
    8Theme’s Team

    #411627 Copied

  • Tagged: , , , , ,

  • Viewing 3 results - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.Log in/Sign up

8theme customization service

Useful links WooCommerce & WordPress

Unleash your online potential

Explore our best WordPress WooCommerce Themes collection

lazy-placeholder
Wedding – WordPress Theme
lazy-placeholder
Corporate – WordPress Theme
lazy-placeholder
Engineer Store – WordPress WooCommerce Theme
lazy-placeholder
Digital Marketing – WordPress WooCommerce Theme
lazy-placeholder
Architecture – WordPress Theme
lazy-placeholder
Baby Shop – WordPress WooCommerce Theme
lazy-placeholder
Organic Store – WordPress WooCommerce Theme
lazy-placeholder
Furniture Store 02 – WordPress WooCommerce Theme
lazy-placeholder
Jewellery Niche Market – Multivendor WP WooCommerce Theme
lazy-placeholder
Barbershop – WordPress WooCommerce Theme

See All Templates

We're using our own and third-party cookies to improve your experience and our website. Keep on browsing to accept our cookie policy.