Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Averta — Vulnerabilities & Security Advisories 55

Browse all 55 CVE security advisories affecting Averta. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Averta provides enterprise-grade security solutions focused on protecting critical infrastructure and industrial control systems from cyber threats. With fifty-five Common Vulnerabilities and Exposures (CVEs) currently documented, the company’s software has historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation and weak authentication mechanisms within its management interfaces. While specific major public incidents remain limited in widespread media coverage, the high volume of disclosed CVEs indicates persistent challenges in secure coding practices across various product versions. Security researchers frequently highlight the potential for unauthorized access to sensitive operational data, emphasizing the need for rigorous patch management. The profile suggests a pattern of recurring architectural weaknesses rather than isolated implementation errors, requiring continuous vigilance from system administrators to mitigate risks associated with these known exploits.

Top products by Averta: Shortcodes and extra features for Phlox theme Master Slider – Responsive Touch Slider Depicter — Popup & Slider Builder Depicter Slider Master Slider Premium Portfolio Features for Phlox theme Master Slider Pro Phlox Shop Phlox Portfolio Phlox PRO Phlox
CVE IDTitleCVSSSeverityPublished
CVE-2025-68558 WordPress Depicter Slider plugin <= 4.0.4 - Broken Access Control vulnerability — Depicter SliderCWE-862 6.5 Medium2026-01-22
CVE-2025-12379 Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget — Shortcodes and extra features for Phlox themeCWE-79 6.4 Medium2026-01-10
CVE-2025-4776 Phlox <= 2.17.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute — PhloxCWE-79 6.4 Medium2026-01-06
CVE-2025-13215 Shortcodes and extra features for Phlox theme <= 2.17.13 - Unauthenticated Draft Posts Information Exposure — Shortcodes and extra features for Phlox themeCWE-200 5.3 Medium2026-01-06
CVE-2025-11370 Depicter <= 4.0.7 - Missing Authorization to Unauthenticated Display Rule Updates — Depicter — Popup & Slider BuilderCWE-862 5.3 Medium2026-01-06
CVE-2025-69016 WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Broken Access Control vulnerability — Shortcodes and extra features for Phlox themeCWE-862 4.3 Medium2025-12-30
CVE-2025-63071 WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Sensitive Data Exposure vulnerability — Shortcodes and extra features for Phlox themeCWE-201 5.3 Medium2025-12-09
CVE-2025-63045 WordPress Master Slider Pro plugin <= 3.7.12 - Cross Site Scripting (XSS) vulnerability — Master Slider ProCWE-79 6.5 Medium2025-12-09
CVE-2025-12497 Premium Portfolio Features for Phlox theme <= 2.3.10 - Unauthenticated Local File Inclusion via args[extra_template_path] — Premium Portfolio Features for Phlox themeCWE-98 8.1 High2025-11-05
CVE-2025-11373 Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Safe File Type Upload — Depicter — Popup & Slider BuilderCWE-862 4.3 Medium2025-11-05
CVE-2025-8383 Depicter <= 4.0.4 - Cross-Site Request Forgery — Depicter — Popup & Slider BuilderCWE-352 4.3 Medium2025-10-31
CVE-2025-58025 WordPress Master Slider Plugin <= 3.11.0 - Cross Site Scripting (XSS) Vulnerability — Master SliderCWE-79 6.5 Medium2025-09-22
CVE-2025-5291 Master Slider <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via masterslider_pb and ms_slide Shortcodes — Master Slider – Responsive Touch SliderCWE-79 6.4 Medium2025-06-17
CVE-2025-39412 WordPress Master Slider plugin <= 3.11.0 - Broken Access Control vulnerability — Master SliderCWE-862 4.3 Medium2025-05-19
CVE-2025-2011 Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter — Depicter — Popup & Slider BuilderCWE-89 7.5 High2025-05-06
CVE-2024-11731 Master Slider – Responsive Touch Slider <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_slider Shortcode — Master Slider – Responsive Touch SliderCWE-79 6.4 Medium2025-03-05
CVE-2024-13757 Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode — Master Slider – Responsive Touch SliderCWE-79 6.4 Medium2025-03-05
CVE-2024-50500 WordPress Phlox Core Elements plugin <= 2.17.4 - Broken Access Control vulnerability — Shortcodes and extra features for Phlox themeCWE-862 4.3 Medium2025-02-03
CVE-2024-12588 Shortcodes and extra features for Phlox theme <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget — Shortcodes and extra features for Phlox themeCWE-79 6.4 Medium2024-12-21
CVE-2024-9545 Shortcodes and extra features for Phlox theme <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes — Shortcodes and extra features for Phlox themeCWE-79 6.4 Medium2024-12-21
CVE-2024-4633 Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.2.1- Authenticated (Author+) Stored Cross-Site Scripting — Depicter — Popup & Slider BuilderCWE-79 6.4 Medium2024-12-06
CVE-2024-47359 WordPress Depicter plugin <= 3.2.2 - Broken Access Control vulnerability — Depicter SliderCWE-352 5.3 Medium2024-11-01
CVE-2024-47381 WordPress Slider & Popup Builder by Depicter plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability — Depicter SliderCWE-79 5.9 Medium2024-10-05
CVE-2024-8486 Shortcodes and extra features for Phlox theme <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets — Shortcodes and extra features for Phlox themeCWE-79 6.4 Medium2024-10-05
CVE-2024-1384 Premium Portfolio Features for Phlox theme <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Premium Portfolio Features for Phlox themeCWE-79 6.4 Medium2024-08-29
CVE-2024-6339 Phlox PRO <= 5.16.4 - Reflected Cross-Site Scripting via Search Parameters — Phlox PROCWE-79 6.1 Medium2024-08-21
CVE-2024-4389 Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.1.1 - Authenticated (Contributor+) Arbitrary File Upload — Depicter — Popup & Slider BuilderCWE-434 8.8 High2024-08-14
CVE-2024-43161 WordPress Slider & Popup Builder by Depicter plugin <= 3.1.2 - Cross Site Scripting (XSS) vulnerability — Depicter SliderCWE-79 5.9 Medium2024-08-12
CVE-2024-37414 WordPress Depicter Slider plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability — Depicter SliderCWE-79 5.9 Medium2024-07-22
CVE-2024-3587 Premium Portfolio Features for Phlox theme <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via ' Grid Portfolios' — Premium Portfolio Features for Phlox themeCWE-79 6.4 Medium2024-07-16

This page lists every published CVE security advisory associated with Averta. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.