Vulnerabilities > Averta > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-50368 | Cross-site Scripting vulnerability in Averta Shortcodes and Extra Features for Phlox Theme Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2. | 5.4 |
| 2023-11-16 | CVE-2023-47508 | Unspecified vulnerability in Averta Master Slider 3.2.7/3.5.1 Unauth. | 6.1 |
| 2022-07-11 | CVE-2022-1910 | Unspecified vulnerability in Averta Shortcodes and Extra Features for Phlox Theme The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | 6.1 |
| 2018-12-23 | CVE-2018-20368 | Cross-site Scripting vulnerability in Averta Master Slider 3.2.7/3.5.1 The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. | 5.4 |