WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Staff Widget vulnerability discovered by zer0gh0st in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.2...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom JS vulnerability discovered by Webbernaut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_timeline' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'auxtimeline' Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'titletag' vulnerability discovered by WordFence in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'auxgmaps' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via auxcontactbox and auxgmaps Shortcodes vulnerability discovered by David Gallagher BatFeats - Adept Digital in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.0...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Modern Heading Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.13...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.13 - Unauthenticated Draft Posts Information Exposure vulnerability

Unauthenticated Draft Posts Information Exposure vulnerability discovered by Nguyen C in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.13...

CVE-2025-12379

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...

CVE-2025-12379 Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...

CVE-2025-12379

CVE-2025-12379 : The WordPress plugin “Shortcodes and extra features for Phlox theme” is vulnerable to Stored Cross-Site Scripting via the combination of the public-facing parameters ‘tag’ and ‘title_tag’ in all versions up to 2.17.13, due to insufficient input sanitization and output escaping. A...

CVE-2025-12379 Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...

PT-2026-1695

Name of the Vulnerable Software and Affected Versions Phlox Theme Plugin for WordPress versions prior to 2.17.14 Description The Shortcodes and extra features for Phlox theme plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs due to insufficient input sanitization and...

WordPress plugin Shortcodes and extra features for Phlox theme 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2023-50368

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2...

CVE-2025-4776

The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption HTML attribute in all versions up to, and including, 2.17.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-4776

The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption HTML attribute in all versions up to, and including, 2.17.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-13215

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxelsajaxsearch due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers...

CVE-2025-4776 Phlox <= 2.17.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute

The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption HTML attribute in all versions up to, and including, 2.17.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...