A vulnerability was found in Xstore Plugin up to 9.7.2 on WordPress and classified as critical . Impacted is an unknown function. The manipulation results in sql injection. This vulnerability is reported as CVE-2026-3326 . The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.