[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":36,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":43,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":49,"vulnerability-29443":56},[4,15,21,27],{"title":5,"slug":6,"text":7,"link":8,"external":9,"targets":10,"cta":12,"variant":13,"campaign_id":14},"phpBB authentication bypass - Sniper","phpbb-authentication-bypass-sniper","PoC details now live: 2 new CVEs our research team discovered in phpBB","https://pentest-tools.com/research/phpbb-authentication-bypass",true,[11],"/exploit-helpers/sniper","See the details","secondary","phpbb-authentication-bypass",{"title":16,"slug":17,"text":7,"link":8,"external":9,"targets":18,"cta":20,"variant":13,"campaign_id":14},"phpBB authentication bypass - CVE page","phpbb-authentication-bypass-cve",[19],"/vulnerabilities-exploits","Read the research",{"title":22,"slug":23,"text":24,"link":8,"external":9,"targets":25,"cta":26,"variant":13,"campaign_id":14},"phpBB authentication bypass - VulnDB homepage","phpbb-authentication-bypass-vulndb","The Network Scanner detects 2 new phpBB CVEs our research team found",[19],"See the PoC details",{"title":28,"slug":29,"text":30,"link":31,"external":9,"targets":32,"cta":34,"variant":35,"campaign_id":29},"Office Hours #7 - Emergency CVE response","office-hours-7","Free live Office Hours, Wed Jul 15. Emergency CVE response","https://zoom.us/webinar/register/5117815316917/WN_O1WFe8opSDeTB4KAOTYMcA",[33],"/","Save your spot","primary",["Island",37],{"key":38,"params":39,"result":41},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":40},"{}",{"head":42},{},["Island",44],{"key":45,"params":46,"result":47},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":40},{"head":48},{},["Island",50],{"key":51,"params":52,"result":54},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":53},"{\"text-color\":\"gray\"}",{"head":55},{},{"id":57,"detectable_with":58,"vuln_details":65,"vuln_id":81,"name":82,"published":83,"updated":66},29443,{"tool":59,"engine":62},{"id":60,"name":61},1,"Network Scanner",{"id":63,"name":64},2,"Nuclei",{"id":57,"codename":66,"description":66,"severity":67,"risk_description":68,"public_description":69,"public_recommendation":70,"recommendation":66,"references":71,"cvssv3":74,"epss_score":75,"epss_percentile":76,"cve":77,"in_cisa_catalog":79,"date":80,"software_type":66,"vendor":66,"product":66,"ptt_exploit_capabilities":66},null,"high","Unauthenticated attackers can extract arbitrary data from the WordPress database, including credentials, session tokens, and WooCommerce customer records.","The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection","Update XStore theme to version 9.7.3 or later.",[72,73],"https://wpscan.com/vulnerability/2c5bdb17-8b12-45b5-878b-627056dc8956/","https://nvd.nist.gov/vuln/detail/CVE-2026-3326",8.6,0.00282,0.20066,[78],"CVE-2026-3326",false,"2026-06-10T00:00:00Z","NETSCAN-NUCLEI-CVE-CVE-2026-3326","XStore Theme \u003C 9.7.3 - SQL Injection","2026-07-14T00:00:00Z"]