Auxin Elements
by WordPress
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-3341 | Med | 0.42 | 6.4 | 0.01 | May 2, 2024 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied… | ||
| CVE-2024-1348 | Med | 0.42 | 6.4 | 0.00 | May 2, 2024 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2023-7064 | Hig | 0.42 | 7.5 | 0.01 | May 2, 2024 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function.… | ||
| CVE-2025-12379 | Med | 0.35 | 6.4 | 0.00 | Jan 10, 2026 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘title_tag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output… | ||
| CVE-2024-9545 | Med | 0.35 | 6.4 | 0.00 | Dec 21, 2024 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to, and including, 2.17.0 due to insufficient input sanitization and output escaping… | ||
| CVE-2024-3517 | Med | 0.35 | 6.4 | 0.01 | May 2, 2024 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-1533 | Med | 0.35 | 6.4 | 0.00 | May 2, 2024 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2025-13215 | Med | 0.34 | 5.3 | 0.00 | Jan 6, 2026 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficient restrictions on which posts can be included. This makes it possible for… | ||
| CVE-2025-63071 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.15. | ||
| CVE-2025-69016 | Med | 0.28 | 4.3 | 0.00 | Dec 30, 2025 | Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.15. | ||
| CVE-2024-50500 | Med | 0.28 | 4.3 | 0.00 | Feb 3, 2025 | Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.4. |
- risk 0.42cvss 6.4epss 0.01
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied…
- risk 0.42cvss 6.4epss 0.00
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.42cvss 7.5epss 0.01
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function.…
- risk 0.35cvss 6.4epss 0.00
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘title_tag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output…
- risk 0.35cvss 6.4epss 0.00
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to, and including, 2.17.0 due to insufficient input sanitization and output escaping…
- risk 0.35cvss 6.4epss 0.01
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.35cvss 6.4epss 0.00
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.34cvss 5.3epss 0.00
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficient restrictions on which posts can be included. This makes it possible for…
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.15.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.15.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.4.