VYPR

Vendor CVEs

Averta

All CVEs

48 total · sorted by risk
  • CVE-2023-39163HigMay 17, 2024
    risk 0.56cvss 8.6epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Shop allows PHP Local File Inclusion.This issue affects Phlox Shop: from n/a through 2.0.0.

  • CVE-2023-38399HigMay 17, 2024
    risk 0.56cvss 8.6epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Portfolio allows PHP Local File Inclusion.This issue affects Phlox Portfolio: from n/a through 2.3.1.

  • CVE-2024-32600HigApr 18, 2024
    risk 0.54cvss 8.3epss 0.00

    Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5.

  • CVE-2023-47506HigDec 18, 2023
    risk 0.49cvss 7.6epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection.This issue affects Master Slider Pro: from n/a through 3.6.5.

  • CVE-2023-47507HigDec 20, 2023
    risk 0.46cvss 7.1epss 0.00

    Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.This issue affects Master Slider Pro: from n/a through 3.6.5.

  • CVE-2025-68558MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in averta Depicter Slider depicter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through <= 4.0.4.

  • CVE-2025-58025MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider master-slider allows Stored XSS.This issue affects Master Slider: from n/a through <= 3.11.0.

  • CVE-2023-6382MedJun 1, 2024
    risk 0.42cvss 6.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-3341MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.01

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-1396MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible…

  • CVE-2024-1348MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2023-7064HigMay 2, 2024
    risk 0.42cvss 7.5epss 0.01

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function.…

  • CVE-2024-32580MedApr 18, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows Stored XSS.This issue affects Master Slider: from n/a through 3.9.8.

  • CVE-2024-1357MedApr 16, 2024
    risk 0.42cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2023-50368MedDec 14, 2023
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2.

  • CVE-2024-47381MedOct 5, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Depicter Slider depicter allows Stored XSS.This issue affects Depicter Slider: from n/a through <= 3.2.2.

  • CVE-2025-12379MedJan 10, 2026
    risk 0.35cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘title_tag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output…

  • CVE-2024-11731MedMar 5, 2025
    risk 0.35cvss 6.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slider shortcode in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-9545MedDec 21, 2024
    risk 0.35cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to, and including, 2.17.0 due to insufficient input sanitization and output escaping…

  • CVE-2024-12588MedDec 21, 2024
    risk 0.35cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2024-1384MedAug 29, 2024
    risk 0.35cvss 6.4epss 0.00

    The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user…

  • CVE-2024-3587MedJul 16, 2024
    risk 0.35cvss 6.4epss 0.00

    The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Portfolios Widget in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-4375MedJun 18, 2024
    risk 0.35cvss 6.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user…

  • CVE-2024-4470MedMay 21, 2024
    risk 0.35cvss 6.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide_info' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-3517MedMay 2, 2024
    risk 0.35cvss 6.4epss 0.01

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-1533MedMay 2, 2024
    risk 0.35cvss 6.4epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2023-51491MedMar 16, 2024
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider.This issue affects Depicter Slider: from n/a through 2.0.6.

  • CVE-2024-1449MedMar 2, 2024
    risk 0.35cvss 6.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slide shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'src' user supplied…

  • CVE-2025-13215MedJan 6, 2026
    risk 0.34cvss 5.3epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficient restrictions on which posts can be included. This makes it possible for…

  • CVE-2024-47359MedNov 1, 2024
    risk 0.34cvss 5.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in averta Depicter Slider depicter.This issue affects Depicter Slider: from n/a through <= 3.2.2.

  • CVE-2024-0611MedMar 2, 2024
    risk 0.29cvss 4.4epss 0.01

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers, with editor-level access, to…

  • CVE-2025-69016MedDec 30, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.15.

  • CVE-2025-39412MedMay 19, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in averta Master Slider master-slider.This issue affects Master Slider: from n/a through <= 3.11.0.

  • CVE-2024-50500MedFeb 3, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.4.

  • CVE-2022-47176MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.01

    Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through 1.9.0.

  • CVE-2023-6326MedMar 2, 2024
    risk 0.28cvss 5.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.10. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for…

  • CVE-2023-6493MedJan 5, 2024
    risk 0.21cvss 4.3epss 0.00

    The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it…

  • CVE-2025-63045Dec 9, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider Pro masterslider allows DOM-Based XSS.This issue affects Master Slider Pro: from n/a through <= 3.7.12.

  • CVE-2025-5291Jun 17, 2025
    risk 0.00cvss epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb and ms_slide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping on…

  • CVE-2024-13757Mar 5, 2025
    risk 0.00cvss epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-8486Oct 5, 2024
    risk 0.00cvss epss 0.00

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and…

  • CVE-2024-43161Aug 12, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.1.2.

  • CVE-2024-37414Jul 22, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.0.2.

  • CVE-2024-37222Jun 20, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through 3.10.0.

  • CVE-2023-50900Jun 19, 2024
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.10.

  • CVE-2023-37888May 17, 2024
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0.

  • CVE-2024-31099Apr 1, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7.

  • CVE-2023-47508Nov 16, 2023
    risk 0.00cvss epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta Master Slider Pro plugin <= 3.6.5 versions.