15 matches found
CVE-2026-39708
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.14...
CVE-2026-40178
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112...
CVE-2026-40178
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112...
PT-2026-32031
Name of the Vulnerable Software and Affected Versions ajenti.plugin.core versions prior to 0.112 Description Prior to version 0.112, if two-factor authentication 2FA was enabled, password authentication could be bypassed. This allowed unauthorized access to the system. Recommendations Upgrade to...
EUVD-2026-20415
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.14...
CVE-2026-39708
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.14...
PT-2026-31270
Name of the Vulnerable Software and Affected Versions UiCore Elements versions through 1.3.14 Description A Stored Cross-site Scripting XSS issue exists in UiCore Elements due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts into w...
PT-2025-34912 · Unknown · Uicore Elements
Name of the Vulnerable Software and Affected Versions: UiCore Elements versions through 1.3.4 Description: The software contains a Stored Cross-Site Scripting XSS issue due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts into web...
CVE-2024-50500
CVE-2024-50500 : Missing Authorization in By Averta Shortcodes and Phlox theme features (Shortcodes and extra features for Phlox theme) allows exploitation of insufficient access controls. Affected: WordPress Phlox Core Elements plugin up to version 2.17.2 (and Phlox theme components referenced a...
CVE-2024-50500 WordPress Phlox Core Elements plugin <= 2.17.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through = 2.17.4...
WordPress Phlox Core Elements plugin <= 2.17.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.4...
CVE-2023-37888 WordPress Phlox Core Elements plugin <= 2.14.0 - Unauthenticated Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0...
CVE-2024-31099 WordPress Phlox Core Elements plugin <= 2.15.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7...
CVE-2024-31099 WordPress Phlox Core Elements plugin <= 2.15.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7...
WordPress Phlox Core Elements plugin <= 2.15.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...