Vulnerabilities > Averta > Shortcodes AND Extra Features FOR Phlox Theme > 1.3.6

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-14	CVE-2023-50368	Cross-site Scripting vulnerability in Averta Shortcodes and Extra Features for Phlox Theme Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2. network low complexity averta CWE-79	5.4
2022-12-12	CVE-2022-3359	Unspecified vulnerability in Averta Shortcodes and Extra Features for Phlox Theme The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. network low complexity averta	8.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.