| CVE-2025-12379 | Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget | averta | Shortcodes and extra features for Phlox theme | Medium | 6.4 | 2026-01-10 13:47:35 | Deep Dive |
| CVE-2025-13215 | Shortcodes and extra features for Phlox theme <= 2.17.13 - Unauthenticated Draft Posts Information Exposure | averta | Shortcodes and extra features for Phlox theme | Medium | 5.3 | 2026-01-06 06:36:26 | Deep Dive |
| CVE-2025-4776 | Phlox <= 2.17.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute | averta | Phlox | Medium | 6.4 | 2026-01-06 06:36:26 | Deep Dive |
| CVE-2025-69016 | WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Broken Access Control vulnerability | averta | Shortcodes and extra features for Phlox theme | 中危 | - | 2025-12-30 10:47:54 | Deep Dive |
| CVE-2025-63071 | WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Sensitive Data Exposure vulnerability | averta | Shortcodes and extra features for Phlox theme | - | - | 2025-12-09 14:52:36 | Deep Dive |
| CVE-2025-12497 | Premium Portfolio Features for Phlox theme <= 2.3.10 - Unauthenticated Local File Inclusion via args[extra_template_path] | averta | Premium Portfolio Features for Phlox theme | High | 8.1 | 2025-11-05 11:24:40 | Deep Dive |
| CVE-2024-50500 | WordPress Phlox Core Elements plugin <= 2.17.4 - Broken Access Control vulnerability | averta | Shortcodes and extra features for Phlox theme | Medium | 4.3 | 2025-02-03 14:23:50 | Deep Dive |
| CVE-2024-12588 | Shortcodes and extra features for Phlox theme <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget | averta | Shortcodes and extra features for Phlox theme | Medium | 6.4 | 2024-12-21 08:24:00 | Deep Dive |
| CVE-2024-9545 | Shortcodes and extra features for Phlox theme <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes | averta | Shortcodes and extra features for Phlox theme | Medium | 6.4 | 2024-12-21 08:23:59 | Deep Dive |
| CVE-2024-8486 | Shortcodes and extra features for Phlox theme <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading and Icon Picker Widgets | averta | Shortcodes and extra features for Phlox theme | Medium | 6.4 | 2024-10-05 07:39:01 | Deep Dive |
| CVE-2024-1384 | Premium Portfolio Features for Phlox theme <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | averta | Premium Portfolio Features for Phlox theme | Medium | 6.4 | 2024-08-29 12:31:10 | Deep Dive |
| CVE-2024-6339 | Phlox PRO <= 5.16.4 - Reflected Cross-Site Scripting via Search Parameters | averta | Phlox PRO | Medium | 6.1 | 2024-08-21 07:33:25 | Deep Dive |
| CVE-2024-3587 | Premium Portfolio Features for Phlox theme <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via ' Grid Portfolios' | averta | Premium Portfolio Features for Phlox theme | Medium | 6.4 | 2024-07-16 08:32:32 | Deep Dive |
| CVE-2023-39163 | WordPress Phlox Shop plugin <= 2.0.0 - Unauthenticated Local File Inclusion vulnerability | Averta | Phlox Shop | High | 8.6 | 2024-05-17 06:52:32 | Deep Dive |
| CVE-2023-38399 | WordPress Phlox Portfolio plugin <= 2.3.1 - Unauthenticated Local File Inclusion vulnerability | Averta | Phlox Portfolio | High | 8.6 | 2024-05-17 06:52:08 | Deep Dive |
| CVE-2023-37888 | WordPress Phlox Core Elements plugin <= 2.14.0 - Unauthenticated Local File Inclusion vulnerability | By Averta | Shortcodes and extra features for Phlox theme | High | 7.6 | 2024-05-17 06:48:41 | Deep Dive |
| CVE-2023-7064 | Shortcodes and extra features for Phlox theme <= 2.17.5 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer | averta | Shortcodes and extra features for Phlox theme | High | 7.5 | 2024-05-02 16:52:51 | Deep Dive |
| CVE-2024-3517 | Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Widget | averta | Shortcodes and extra features for Phlox theme | Medium | 6.4 | 2024-05-02 16:52:29 | Deep Dive |
| CVE-2024-1533 | Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | averta | Shortcodes and extra features for Phlox theme | Medium | 6.4 | 2024-05-02 16:52:23 | Deep Dive |
| CVE-2024-1396 | Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' | averta | Shortcodes and extra features for Phlox theme | Medium | 6.4 | 2024-05-02 16:52:08 | Deep Dive |