CVE-2026-57737
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
The Shortcodes and extra features plugin for the Phlox theme contains a DOM-Based XSS vulnerability due to improper input neutralization during web page generation.
Risk Assessment
An attacker can inject malicious scripts into the page, potentially leading to session theft, redirection to malicious sites, or theft of sensitive data.
Recommendation
Immediately update the Shortcodes and extra features plugin for the Phlox theme to version 2.17.17 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16.

