CVE-2025-64190 – WordPress XStore Core plugin < 5.6 – Cross Site Scripting (XSS) vulnerability

CVE ID : CVE-2025-64190

Published : Dec. 30, 2025, 4 p.m. | 23 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 8theme.Com XStore Core allows DOM-Based XSS.This issue affects XStore Core: from n/a before 5.6.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…