VYPR

Shortcodes And Extra Features For Phlox Theme

by Averta

CVEs (17)

  • CVE-2024-3341MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.01

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-1396MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible…

  • CVE-2024-1348MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2023-7064HigMay 2, 2024
    risk 0.42cvss 7.5epss 0.01

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function.…

  • CVE-2024-1357MedApr 16, 2024
    risk 0.42cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2023-50368MedDec 14, 2023
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2.

  • CVE-2025-12379MedJan 10, 2026
    risk 0.35cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘title_tag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output…

  • CVE-2024-9545MedDec 21, 2024
    risk 0.35cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to, and including, 2.17.0 due to insufficient input sanitization and output escaping…

  • CVE-2024-12588MedDec 21, 2024
    risk 0.35cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2024-3517MedMay 2, 2024
    risk 0.35cvss 6.4epss 0.01

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-1533MedMay 2, 2024
    risk 0.35cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2025-13215MedJan 6, 2026
    risk 0.34cvss 5.3epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficient restrictions on which posts can be included. This makes it possible for…

  • CVE-2025-69016MedDec 30, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.15.

  • CVE-2024-50500MedFeb 3, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.4.

  • CVE-2024-8486Oct 5, 2024
    risk 0.00cvss epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and…

  • CVE-2023-37888May 17, 2024
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0.

  • CVE-2024-31099Apr 1, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7.