WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.13 - Unauthenticated Draft Posts Information Exposure vulnerability

Unauthenticated Draft Posts Information Exposure vulnerability discovered by Nguyen C in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.13...

CVE-2025-12379

CVE-2025-12379 : The WordPress plugin “Shortcodes and extra features for Phlox theme” is vulnerable to Stored Cross-Site Scripting via the combination of the public-facing parameters ‘tag’ and ‘title_tag’ in all versions up to 2.17.13, due to insufficient input sanitization and output escaping. A...

CVE-2025-13215 Shortcodes and extra features for Phlox theme <= 2.17.13 - Unauthenticated Draft Posts Information Exposure

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxelsajaxsearch due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers...

WordPress plugin Shortcodes and extra features for Phlox theme 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...