Vulnerabilities (CVE)

Filtered by vendor Averta Subscribe
Filtered by product Shortcodes And Extra Features For Phlox Theme
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50368 1 Averta 1 Shortcodes And Extra Features For Phlox Theme 2024-11-21 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2.
CVE-2022-3359 1 Averta 1 Shortcodes And Extra Features For Phlox Theme 2024-11-21 N/A 8.8 HIGH
The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
CVE-2022-1910 1 Averta 1 Shortcodes And Extra Features For Phlox Theme 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting