Filtered by vendor Averta
Subscriptions
Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12497 | 2 Averta, Wordpress | 3 Phlox, Premium Portfolio Features For Phlox Theme, Wordpress | 2025-11-06 | 8.1 High |
| The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10 via the 'args[extra_template_path]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. | ||||
| CVE-2025-11373 | 2 Averta, Wordpress | 2 Slider And Popup Builder By Depicter, Wordpress | 2025-11-06 | 4.3 Medium |
| The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability checks in the "depicter-media-upload" AJAX route in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload limited files on the affected site's server. | ||||
| CVE-2025-8383 | 2 Averta, Wordpress | 2 Slider And Popup Builder By Depicter, Wordpress | 2025-11-04 | 4.3 Medium |
| The Depicter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 4.0.4. This is due to missing or incorrect nonce validation on the depicter-document-rules-store function. This makes it possible for unauthenticated attackers to modify document rules via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-58025 | 2 Averta, Wordpress | 2 Master Slider, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider allows Stored XSS. This issue affects Master Slider: from n/a through 3.11.0. | ||||
| CVE-2024-43161 | 2 Averta, Wordpress | 2 Depicter Slider, Wordpress | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.1.2. | ||||
| CVE-2024-47381 | 2 Averta, Wordpress | 2 Depicter Slider, Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.2.2. | ||||
| CVE-2025-5291 | 1 Averta | 1 Master Slider | 2025-07-02 | 6.4 Medium |
| The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb and ms_slide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-6493 | 1 Averta | 1 Depicter Slider | 2025-06-17 | 4.3 Medium |
| The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue. | ||||
| CVE-2024-31099 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7. | ||||
| CVE-2024-3517 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-3341 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-1533 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Requires Elementor and the Phlox theme to be installed. | ||||
| CVE-2024-1396 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-37888 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 7.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0. | ||||
| CVE-2024-1348 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-50900 | 1 Averta | 1 Master Slider | 2025-05-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.10. | ||||
| CVE-2024-32600 | 1 Averta | 1 Master Slider | 2025-05-27 | 8.3 High |
| Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5. | ||||
| CVE-2024-32580 | 1 Averta | 1 Master Slider | 2025-05-27 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows Stored XSS.This issue affects Master Slider: from n/a through 3.9.8. | ||||
| CVE-2024-37222 | 1 Averta | 1 Master Slider | 2025-05-27 | 7.1 High |
| Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through 3.10.0. | ||||
| CVE-2025-39412 | 1 Averta | 1 Master Slider | 2025-05-27 | 4.3 Medium |
| Missing Authorization vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.10.8. | ||||