Cross-site Scripting Vulnerability in Averta LTD Phlox Theme Features
CVE-2026-57737
6.5MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 1 July 2026
What is CVE-2026-57737?
Averta LTD's Phlox theme features a vulnerability that allows for the improper neutralization of user input during web page generation, leading to a DOM-based Cross-site Scripting (XSS) attack. This weakness could enable attackers to inject malicious scripts into web pages viewed by users, potentially compromising their data or session information. Users of the Phlox theme, specifically those utilizing versions from n/a up to 2.17.16, are advised to implement security measures to mitigate this vulnerability.
Affected Version(s)
Shortcodes and extra features for Phlox theme <= 2.17.16