Skip to main content

Shortcodes And Extra Features For Phlox Theme

15 CVEs product

Monthly

CVE-2026-57737 MEDIUM This Month

DOM-Based XSS in the Shortcodes and extra features for Phlox theme WordPress plugin (all versions through 2.17.16) permits a low-privileged authenticated attacker to inject malicious JavaScript that executes in victims' browsers via unsanitized shortcode input. Exploitation requires an attacker with at least contributor-level WordPress access and a privileged user to view the crafted page, enabling session hijacking, credential theft, or unauthorized administrative actions. No public exploit identified at time of analysis; vulnerability was disclosed by Patchstack and is not listed in CISA KEV.

XSS Shortcodes And Extra Features For Phlox Theme
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-9545 MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-12588 MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.17.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-8486 MEDIUM PATCH This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3517 MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-3341 MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.7. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1533 MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1396 MEDIUM PATCH This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.15.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1348 MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-7064 HIGH This Week

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-1357 MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-31099 HIGH This Week

Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.15.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-50368 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-3359 HIGH This Week

The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP WordPress Shortcodes And Extra Features For Phlox Theme
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-1910 MEDIUM POC This Month

The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

DOM-Based XSS in the Shortcodes and extra features for Phlox theme WordPress plugin (all versions through 2.17.16) permits a low-privileged authenticated attacker to inject malicious JavaScript that executes in victims' browsers via unsanitized shortcode input. Exploitation requires an attacker with at least contributor-level WordPress access and a privileged user to view the crafted page, enabling session hijacking, credential theft, or unauthorized administrative actions. No public exploit identified at time of analysis; vulnerability was disclosed by Patchstack and is not listed in CISA KEV.

XSS Shortcodes And Extra Features For Phlox Theme
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.17.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Shortcodes And Extra Features For Phlox Theme
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.7. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.15.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Shortcodes And Extra Features For Phlox Theme
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.15.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Shortcodes And Extra Features For Phlox Theme
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Shortcodes And Extra Features For Phlox Theme
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP WordPress +1
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy