EUVD-2026-1845

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...

EUVD-2022-25182

Malicious code in bioql PyPI...

CVE-2022-1910

The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

CVE-2023-7064

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxintemplatecontrolimporter' function. This makes it possibl...

CVE-2024-1396 Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag'

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2022-1910

The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

CVE-2022-1910

The CVE-2022-1910 is tied to the WordPress Shortcodes and Extra Features for Phlox plugin (pre-2.9.8). The NUCLEI template confirms a cross-site scripting flaw where the plugin does not sanitize/escape a parameter before echoing it in the response. This allows an attacker to inject arbitrary scri...