Shortcodes and extra features for phlox theme

This hub aggregates every CVE we track for Shortcodes and extra features for phlox theme, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Web & CMS Pluginson-premcms plugin

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM17HIGH3

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Shortcodes and extra features for phlox theme.

CVE-2025-12379Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget6.4Jan 10, 2026
CVE-2025-13215Shortcodes and extra features for Phlox theme <= 2.17.13 - Unauthenticated Draft Posts Information Exposure5.3Jan 6, 2026
CVE-2025-69016WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Broken Access Control vulnerability4.3Dec 30, 2025
CVE-2025-63071WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Sensitive Data Exposure vulnerability5.3Dec 9, 2025
CVE-2024-50500WordPress Phlox Core Elements plugin <= 2.17.4 - Broken Access Control vulnerability4.3Feb 3, 2025
CVE-2024-12588Shortcodes and extra features for Phlox theme <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget6.4Dec 21, 2024
CVE-2024-9545Shortcodes and extra features for Phlox theme <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes6.4Dec 21, 2024
CVE-2024-8486Shortcodes and extra features for Phlox theme <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets6.4Oct 5, 2024
CVE-2023-37888WordPress Phlox Core Elements plugin <= 2.14.0 - Unauthenticated Local File Inclusion vulnerability7.6May 17, 2024
CVE-2023-7064Shortcodes and extra features for Phlox theme <= 2.17.5 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer7.5May 2, 2024
CVE-2024-3517Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Widget6.4May 2, 2024
CVE-2024-1533Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4May 2, 2024
CVE-2024-1396Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag'6.4May 2, 2024
CVE-2024-3341Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode6.4May 2, 2024
CVE-2024-1348Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS6.4May 2, 2024

Product normalization is registry-driven with AI assist and human review. How it works