What the vulnerability does
01Description
Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8.
CVE-2024-33552
CRITICAL
CVE-2024-33552: WordPress XStore Core plugin <= 5.3.8 - Unauthenticated Account Takeover vulnerability
CVSS base score
9.8/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
May 17, 2024
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2021-43835 Privilege escalation in the Sulu Admin panel
CVE-2022-4808 Improper Privilege Management in usememos/memos
CVE-2025-1425 File Read Through Improper Sudo Privilege Management
CVE-2026-35607 File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands
CVE-2024-33522 Privilege escalation in Calico CNI install binary
