WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.13 - Unauthenticated Draft Posts Information Exposure vulnerability

Unauthenticated Draft Posts Information Exposure vulnerability discovered by Nguyen C in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.13...

EUVD-2022-42742

Malicious code in bioql PyPI...

EUVD-2024-31931

Malicious code in bioql PyPI...

CVE-2024-1348

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-12588 Shortcodes and extra features for Phlox theme <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-9545 Shortcodes and extra features for Phlox theme <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auxcontactbox and auxgmaps shortcodes in all versions up to, and including, 2.17.0 due to insufficient input sanitization and output escaping on user supplied...

PT-2024-26351 · WordPress · Phlox

Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme plugin for WordPress versions up to, and including, 2.15.5 Description: The issue is related to Stored Cross-Site Scripting via the Accordion Widget due to insufficient input sanitization and outp...

CVE-2022-3359 Shortcodes and extra features for Phlox theme < 2.10.7 - PHP Objection Injection

The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports intentionally or not a malicious file and a suitable gadget chain is present on the blog...

PT-2022-21789 · WordPress · Phlox

Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme WordPress plugin versions prior to 2.10.7 Description: The issue arises from the unserialize of the content of an imported file, which could lead to PHP object injection when a user imports a...