CVE-2026-10855 MISP Event template importer authorization bypass

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...

CVE-2023-7064

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxintemplatecontrolimporter' function. This makes it possibl...

PT-2024-15193 · WordPress · Phlox

Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme plugin for WordPress versions up to, and including, 2.15.2 Description: The issue concerns PHP Object Injection via deserialization of untrusted input from the vulnerable id parameter in the auxin...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.5 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer vulnerability

Authenticated Subscriber+ PHP Object Injection via auxintemplatecontrolimporter vulnerability discovered by Rhynorater - Critical Thinking Podcast, Michael Brackett in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.5...