189 matches found
CVE-2026-57737
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16...
CVE-2026-57737 WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16...
CVE-2026-57737
Affect: WordPress plugin Shortcodes and extra features for Phlox theme (Averta LTD). Vulnerability: Cross-Site Scripting (XSS) of DOM-based type due to improper neutralization of input during web page generation. Affected versions: from n/a through 2.17.16. Context: The issue is documented across...
EUVD-2026-41105
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.21 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.21...
PT-2026-54892
Name of the Vulnerable Software and Affected Versions Shortcodes and extra features for Phlox theme versions prior to 2.17.17 Description Improper neutralization of input during web page generation allows for DOM-Based Cross-site Scripting XSS, a flaw where a script is executed in the victim's...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Staff Widget vulnerability discovered by zer0gh0st in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.2...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Custom JS vulnerability discovered by Webbernaut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_timeline' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'auxtimeline' Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'titletag' vulnerability discovered by WordFence in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'auxgmaps' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via auxcontactbox and auxgmaps Shortcodes vulnerability discovered by David Gallagher BatFeats - Adept Digital in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.0...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Modern Heading Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.13...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.13 - Unauthenticated Draft Posts Information Exposure vulnerability
Unauthenticated Draft Posts Information Exposure vulnerability discovered by Nguyen C in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.13...
CVE-2025-12379
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-12379 Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-12379 Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-12379
CVE-2025-12379 : The WordPress plugin “Shortcodes and extra features for Phlox theme” is vulnerable to Stored Cross-Site Scripting via the combination of the public-facing parameters ‘tag’ and ‘title_tag’ in all versions up to 2.17.13, due to insufficient input sanitization and output escaping. A...
PT-2026-1695
Name of the Vulnerable Software and Affected Versions Phlox Theme Plugin for WordPress versions prior to 2.17.14 Description The Shortcodes and extra features for Phlox theme plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs due to insufficient input sanitization and...