CVE-2026-3326

{"id": "CVE-2026-3326", "cveTags": [], "metrics": {}, "published": "2026-06-10T07:16:25.263", "references": [{"url": "https://wpscan.com/vulnerability/2c5bdb17-8b12-45b5-878b-627056dc8956/", "source": "contact@wpscan.com"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection"}], "lastModified": "2026-06-10T07:16:25.263", "sourceIdentifier": "contact@wpscan.com"}