2 matches found
CVE-2024-1384
The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auxrecentportfoliosgrid' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes...
PT-2024-17996 · WordPress · Premium Portfolio Features For Phlox
Name of the Vulnerable Software and Affected Versions: Premium Portfolio Features for Phlox theme plugin for WordPress versions up to, and including, 2.3.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'aux recent portfolios grid' shortcode due to insufficient...