CVE Catalog

CVE-2026-57737

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

The Shortcodes and extra features plugin for the Phlox theme contains a DOM-Based XSS vulnerability due to improper input neutralization during web page generation.

Risk Assessment

An attacker can inject malicious scripts into the page, potentially leading to session theft, redirection to malicious sites, or theft of sensitive data.

Recommendation

Immediately update the Shortcodes and extra features plugin for the Phlox theme to version 2.17.17 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS