Filtered by vendor Averta
Subscribe
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47508 | 1 Averta | 1 Master Slider | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta Master Slider Pro plugin <= 3.6.5 versions. | |||||
| CVE-2022-1910 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2018-20368 | 1 Averta | 1 Master Slider | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. | |||||
| CVE-2024-6339 | 1 Averta | 1 Phlox | 2024-09-27 | N/A | 6.1 MEDIUM |
| The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||