PT-2026-1416 · WordPress · Phlox Theme
Nguyen C · Published 2026-01-06 · Updated 2026-01-06 · CVE-2025-13215
| CVSS v3.1 | 5.3 Medium |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Phlox Theme plugin for WordPress versions through 2.17.13
Description
The Shortcodes and extra features for Phlox theme plugin for WordPress is susceptible to information disclosure. This issue affects the auxels ajax search component due to inadequate restrictions on post inclusion. An unauthenticated attacker can potentially extract titles of draft posts that they are not authorized to view.
Recommendations
Update the Phlox Theme plugin to a version beyond 2.17.13.
Fix
Information Disclosure
Affected Products
Phlox Theme