cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12588,https://securityvulnerability.io/vulnerability/CVE-2024-12588,Stored Cross-Site Scripting Vulnerability in Phlox Theme Plugin for WordPress,"The Phlox theme plugin for WordPress, developed by Auxin, has a severe stored cross-site scripting (XSS) vulnerability identified as CVE-2024-12588. This issue arises from inadequate input sanitization and output escaping within the plugin's Staff widget. It permits authenticated attackers with contributor-level access or higher to inject malicious scripts within the plugin, which will then be executed whenever a user visits an affected page. This vulnerability poses a significant risk to WordPress site security, particularly for websites using the Phlox theme plugin version 2.16.4 or earlier.",Wordpress,Shortcodes And Extra Features For Phlox Theme,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-21T08:23:59.519Z,0
CVE-2024-9545,https://securityvulnerability.io/vulnerability/CVE-2024-9545,Stored Cross-Site Scripting Vulnerability in Phlox Theme Plugin for WordPress,"The Phlox theme plugin for WordPress contains a critical Stored Cross-Site Scripting vulnerability (CVE-2024-9545) that affects all versions up to and including 2.16.4. This security flaw arises from inadequate input sanitization and output escaping in the plugin's aux_contact_box and aux_gmaps shortcodes. Authenticated attackers with contributor-level privileges can exploit this vulnerability to inject arbitrary web scripts into pages, resulting in potential malicious code execution whenever users access those pages. It is crucial for users to update to the latest version of the plugin to mitigate the risk associated with this vulnerability.",Wordpress,Shortcodes And Extra Features For Phlox Theme,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-12-21T08:23:58.932Z,0
CVE-2024-8486,https://securityvulnerability.io/vulnerability/CVE-2024-8486,Stored Cross-Site Scripting Vulnerability Affects Phlox Theme Plugin,"The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Shortcodes And Extra Features For Phlox Theme,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-10-05T07:39:00.891Z,0
CVE-2023-7064,https://securityvulnerability.io/vulnerability/CVE-2023-7064,Vulnerability in Phlox theme plugin allows attackers to inject PHP objects via deserialization of untrusted input,"The Phlox theme plugin for WordPress is affected by a PHP Object Injection vulnerability that allows authenticated attackers to exploit the deserialization of untrusted input from the 'id' parameter in the 'auxin_template_control_importer' function. Versions prior to 2.15.2 are susceptible, enabling attackers who can upload a separate PHAR payload as an image file to inject malicious PHP objects. Although no payload operation chain exists within the plugin itself, if a payload operation chain is introduced through other plugins or themes on the same system, it could lead to significant risks including arbitrary file deletion, unauthorized data retrieval, or code execution.",Wordpress,Shortcodes And Extra Features For Phlox Theme,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:50.526Z,0
CVE-2024-3517,https://securityvulnerability.io/vulnerability/CVE-2024-3517,Stored Cross-Site Scripting in Phlox Theme Plugin for WordPress,"The Phlox theme plugin for WordPress is exposed to a Stored Cross-Site Scripting vulnerability through its Accordion Widget due to inadequate input sanitization and output escaping measures. Authenticated attackers with contributor access or higher can exploit this flaw to inject malicious web scripts. These scripts will be executed whenever users visit affected pages, potentially compromising user data and website integrity.",Wordpress,Shortcodes And Extra Features For Phlox Theme,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:28.825Z,0
CVE-2024-1533,https://securityvulnerability.io/vulnerability/CVE-2024-1533,Stored Cross-Site Scripting Vulnerability in Phlox Theme Plugin for WordPress,"The Phlox theme plugin for WordPress contains a vulnerability that enables stored cross-site scripting (XSS) due to inadequate input sanitization and output escaping methods. This flaw impacts all versions of the plugin up to and including version 2.15.5. Authenticated attackers with contributor privileges or higher can exploit this vulnerability to inject malicious web scripts into pages. These scripts will execute whenever a user accesses the compromised page, potentially leading to unauthorized actions and data theft. The exploitation requires both the Elementor and the Phlox theme to be installed, making it crucial for users to apply security measures.",Wordpress,Shortcodes And Extra Features For Phlox Theme,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:22.761Z,0
CVE-2024-1396,https://securityvulnerability.io/vulnerability/CVE-2024-1396,Stored Cross-Site Scripting Vulnerability in Phlox Theme Plugin for WordPress,"The Phlox theme plugin for WordPress is susceptible to a stored cross-site scripting (XSS) vulnerability stemming from insufficient input sanitization and output escaping in the 'title_tag' parameter. This flaw allows authenticated attackers with contributor-level and higher permissions to inject malicious web scripts into pages. When users access these compromised pages, the injected scripts can be executed, potentially leading to unauthorized actions or data exposure.",Wordpress,Shortcodes And Extra Features For Phlox Theme,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:07.802Z,0
CVE-2024-3341,https://securityvulnerability.io/vulnerability/CVE-2024-3341,Stored Cross-Site Scripting Vulnerability in Phlox Theme Plugin for WordPress,"The Phlox theme plugin for WordPress is vulnerable to stored cross-site scripting due to inadequate input sanitization and output escaping on user-supplied attributes within the 'aux_gmaps' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject malicious web scripts into pages. These scripts will execute whenever users access the affected pages, posing significant security risks to users and websites.",Wordpress,Shortcodes And Extra Features For Phlox Theme,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:51:58.753Z,0
CVE-2024-1348,https://securityvulnerability.io/vulnerability/CVE-2024-1348,Stored Cross-Site Scripting Vulnerability in Phlox Theme Plugin for WordPress,"The Phlox theme plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability due to improper input sanitization and output escaping. This flaw allows authenticated attackers with contributor access or higher to embed malicious web scripts through the custom JS parameter. As a result, these scripts execute whenever a user accesses the compromised page, potentially compromising user data and site integrity. It is imperative for users of affected versions to apply security patches and enhance input handling practices to mitigate risks associated with this vulnerability.",Wordpress,Shortcodes And Extra Features For Phlox Theme,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:51:44.976Z,0
CVE-2024-1357,https://securityvulnerability.io/vulnerability/CVE-2024-1357,Stored Cross-Site Scripting Vulnerability in Phlox Theme Plugin,"The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping on user supplied attributes such as thumb_mode and date_type. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Shortcodes And Extra Features For Phlox Theme,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-16T09:33:00.476Z,0
CVE-2022-3359,https://securityvulnerability.io/vulnerability/CVE-2022-3359,Shortcodes and extra features for Phlox theme < 2.10.7 - PHP Objection Injection,"The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.",Wordpress,Shortcodes And Extra Features For Phlox Theme,8.8,HIGH,0.0019399999873712659,false,,false,false,false,,false,false,2022-12-12T17:54:32.235Z,0
CVE-2022-1910,https://securityvulnerability.io/vulnerability/CVE-2022-1910,Shortcodes and extra features for Phlox theme < 2.9.8 - Reflected Cross-Site-Scripting,"The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting",Wordpress,Shortcodes And Extra Features For Phlox Theme,6.1,MEDIUM,0.0010999999940395355,false,,false,false,false,,false,false,2022-07-11T12:56:28.000Z,0