CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50368 – WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.15.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-50368
06 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Averta Shortcodes and extra features for Phlox theme permite almacenar XSS. Este problema afecta a Shortcodes and extra fe... • https://patchstack.com/database/vulnerability/auxin-elements/wordpress-shortcodes-and-extra-features-for-phlox-theme-plugin-2-15-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3359 – Shortcodes and extra features for Phlox theme < 2.10.7 - PHP Objection Injection
https://notcve.org/view.php?id=CVE-2022-3359
17 Nov 2022 — The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. El complemento de WordPress Shortcodes and extra features para el tema Phlox anterior a 2.10.7 deserializa el contenido de un archivo importado, lo que podría provocar la inyección de objetos PHP cuando un usuario importa (intencion... • https://wpscan.com/vulnerability/08f3ce22-94a0-496a-aaf9-d35b6b0f5bb6 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 5%CPEs: 1EXPL: 1CVE-2022-1910 – Shortcodes and extra features for Phlox theme < 2.9.8 - Reflected Cross-Site-Scripting
https://notcve.org/view.php?id=CVE-2022-1910
20 Jun 2022 — The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting El plugin Shortcodes and extra features for Phlox WordPress anterior a la versión 2.9.8 no sanea y escapa de un parámetro antes de devolverlo a la respuesta, lo que lleva a un Reflected Cross-Site Scripting • https://wpscan.com/vulnerability/8afe1638-66fa-44c7-9d02-c81573193b47 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •