Shortcodes and extra features for Phlox theme
averta
Developer
2.17.15
Latest version
90,000
Installations
No date
Last updated
Vulnerability history
2 present
17 patched
5 Mitigation rules
- Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget vulnerability<= 2.17.203/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability<= 2.15.703/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_timeline' Shortcode vulnerability<= 2.15.703/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' vulnerability<= 2.15.702/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.15.702/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode vulnerability<= 2.15.702/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes vulnerability<= 2.17.002/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget vulnerability<= 2.17.1302/02/2026
- Unauthenticated Draft Posts Information Exposure vulnerability<= 2.17.1302/02/2026
- Broken Access Control vulnerability<= 2.17.1527/12/2025
- Sensitive Data Exposure vulnerability<= 2.17.1526/10/2025
- Broken Access Control vulnerability<= 2.17.431/01/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets vulnerability<= 2.16.307/10/2024
- Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer vulnerability<= 2.17.516/04/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.15.516/04/2024
- Broken Access Control vulnerability<= 2.15.729/03/2024
- Cross Site Scripting (XSS) vulnerability<= 2.15.407/12/2023
- Unauthenticated Local File Inclusion vulnerability<= 2.14.015/11/2023
- Reflected Cross-Site-Scripting (XSS) vulnerability<= 2.9.720/06/2022