CVE-2024-12588

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-9545

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auxcontactbox and auxgmaps shortcodes in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-9545 Shortcodes and extra features for Phlox theme <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auxcontactbox and auxgmaps shortcodes in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-8486

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This make...

CVE-2024-1384

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auxrecentportfoliosgrid' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2024-1384

CVE-2024-1384 is a stored XSS in the Premium Portfolio Features for Phlox theme plugin for WordPress. It affects all versions up to 2.3.3 and arises from insufficient input sanitization and output escaping on user-supplied attributes of the plugin’s aux_recent_portfolios_grid shortcode. An authen...

CVE-2024-3517

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-1533

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVE-2024-1348

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-1348

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2023-7064

The CVE-2023-7064 entry concerns the WordPress plugin Shortcodes and extra features for Phlox theme (auxin-elements). It describes a PHP Object Injection vulnerability via deserialization of untrusted input from the vulnerable id parameter in the function auxin_template_control_importer, affectin...

CVE-2024-3517

CVE-2024-3517 corresponds to the WordPress plugin/ theme issue in Shortcodes and extra features for Phlox theme (auxin-elements). Affected: Phlox theme versions up to and including 2.15.5. Root cause: insufficient input sanitization and output escaping in the Accordion Widget (Stored XSS). Impact...

CVE-2024-3517 Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Widget

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

WordPress plugin Shortcodes and extra features for Phlox theme 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress plugin Shortcodes and extra features for Phlox theme 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2024-18119 · Elementor +1 · Elementor +1

Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme plugin for WordPress versions up to, and including, 2.15.5 Description: The issue is related to Stored Cross-Site Scripting via the HTML Element due to insufficient input sanitization and output...

CVE-2024-1357

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auxtimeline shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping on user supplied attributes such as...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.5...

PT-2024-21946 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.1.3 Description: A Server-Side Request Forgery SSRF issue in the installUpdateThemePluginAction function allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the...

WonderCMS 安全漏洞

WonderCMS is an open source PHP-based content management system CMS. A server request forgery vulnerability exists in the WonderCMS installUpdateThemePluginAction function, which can be exploited by an attacker to conduct an SSRF attack, thereby forcing the application to make arbitrary requests...