3 matches found
CVE-2024-1384
creationtimestamp| type| source ---|---|--- 2024-08-29 16:13:11+00:00| seen| https://t.me/cvedetector/4397...
CVE-2024-1384 Premium Portfolio Features for Phlox theme <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auxrecentportfoliosgrid' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-1384
CVE-2024-1384 is a stored XSS in the Premium Portfolio Features for Phlox theme plugin for WordPress. It affects all versions up to 2.3.3 and arises from insufficient input sanitization and output escaping on user-supplied attributes of the plugin’s aux_recent_portfolios_grid shortcode. An authen...