Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

Shortcodes and extra features for Phlox theme — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in Shortcodes and extra features for Phlox theme, with AI-generated Chinese analysis, references, and POCs.

This page aggregates security vulnerabilities for the Shortcodes and extra features for Phlox theme product, focusing on common weakness classifications associated with this specific WordPress plugin. The collection encompasses known issues identified within the software, including injection flaws, cross-site scripting vulnerabilities, and improper access control mechanisms that may arise from inadequate sanitization of shortcodes or template handling. The data covers vulnerability disclosures reported over the past twelve months, providing a comprehensive view of the security posture of this popular theme extension. Readers can utilize this resource to track vendor advisories as they are published and understand the specific weakness classes that frequently impact this product. By examining the detailed history, users can assess the remediation speed of the vendor and identify recurring patterns in code quality. This information is critical for site administrators to prioritize patches and for security researchers to analyze trends in plugin development practices. The page serves as a centralized reference point for understanding the risk landscape associated with this particular tool, allowing stakeholders to make informed decisions about deployment and maintenance strategies without relying on scattered reports.

Vendor: Unknown

CVE IDTitleCVSSSeverityPublished
CVE-2025-12379 Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget CWE-79 6.4 Medium2026-01-10
CVE-2025-13215 Shortcodes and extra features for Phlox theme <= 2.17.13 - Unauthenticated Draft Posts Information Exposure CWE-200 5.3 Medium2026-01-06
CVE-2025-69016 WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Broken Access Control vulnerability CWE-862 4.3 Medium2025-12-30
CVE-2025-63071 WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Sensitive Data Exposure vulnerability CWE-201 5.3 Medium2025-12-09
CVE-2024-50500 WordPress Phlox Core Elements plugin <= 2.17.4 - Broken Access Control vulnerability CWE-862 4.3 Medium2025-02-03
CVE-2024-12588 Shortcodes and extra features for Phlox theme <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget CWE-79 6.4 Medium2024-12-21
CVE-2024-9545 Shortcodes and extra features for Phlox theme <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes CWE-79 6.4 Medium2024-12-21
CVE-2024-8486 Shortcodes and extra features for Phlox theme <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets CWE-79 6.4 Medium2024-10-05
CVE-2023-37888 WordPress Phlox Core Elements plugin <= 2.14.0 - Unauthenticated Local File Inclusion vulnerability CWE-22 7.6 High2024-05-17
CVE-2023-7064 Shortcodes and extra features for Phlox theme <= 2.17.5 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer CWE-502 7.5 High2024-05-02
CVE-2024-3517 Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Widget CWE-79 6.4 Medium2024-05-02
CVE-2024-1533 Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-05-02
CVE-2024-1396 Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' CWE-79 6.4 Medium2024-05-02
CVE-2024-3341 Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode CWE-79 6.4 Medium2024-05-02
CVE-2024-1348 Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS CWE-79 6.4 Medium2024-05-02
CVE-2024-1357 Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_timeline' Shortcode CWE-79 6.4 Medium2024-04-16
CVE-2024-31099 WordPress Phlox Core Elements plugin <= 2.15.7 - Broken Access Control vulnerability CWE-862 6.4 Medium2024-04-01
CVE-2023-50368 WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.15.2 is vulnerable to Cross Site Scripting (XSS) CWE-79 6.5 Medium2023-12-14
CVE-2022-3359 Shortcodes and extra features for Phlox theme < 2.10.7 - PHP Objection Injection 8.8 -2022-12-12
CVE-2022-1910 Shortcodes and extra features for Phlox theme < 2.9.8 - Reflected Cross-Site-Scripting CWE-79 6.1 -2022-07-11

All 20 known CVE vulnerabilities affecting Shortcodes and extra features for Phlox theme with full Chinese analysis, references, and POCs where available.