Report
The XStore Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 5.3.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.
Score:8.1
Severity:High
Version: 5.3.8
There is a patch available in v5.3.9 and we strongly recommend you update to this version as soon as possible.
