Cross-site Scripting Vulnerability in Averta LTD Phlox Theme Features
CVE-2026-57737

6.5MEDIUM

What is CVE-2026-57737?

Averta LTD's Phlox theme features a vulnerability that allows for the improper neutralization of user input during web page generation, leading to a DOM-based Cross-site Scripting (XSS) attack. This weakness could enable attackers to inject malicious scripts into web pages viewed by users, potentially compromising their data or session information. Users of the Phlox theme, specifically those utilizing versions from n/a up to 2.17.16, are advised to implement security measures to mitigate this vulnerability.

Affected Version(s)

Shortcodes and extra features for Phlox theme <= 2.17.16

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

timomangcut | Patchstack Bug Bounty Program
.