WordPress Plugin Vulnerabilities

Shortcodes and extra features for Phlox theme < 2.17.5 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
auxin-elements
Fixed in 2.17.5

References

CVE
CVE-2024-50500
URL
https://patchstack.com/database/wordpress/plugin/auxin-elements/vulnerability/wordpress-phlox-core-elements-plugin-2-17-2-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
74da9275-9579-4705-b8da-557752b28743

Timeline

Publicly Published
2025-01-31 (about 1 year ago)
Added
2025-02-03 (about 1 year ago)
Last Updated
2025-03-06 (about 1 year ago)

Other

Published
Title
Published
2025-05-07
Title
Music Player for WooCommerce < 1.6.0 - Missing Authorization
Published
2026-02-04
Title
Plugin BlueX for WooCommerce <= 3.1.4 - Missing Authorization
Published
2025-10-16
Title
Salient < 17.4.0 - Missing Authorization
Published
2025-05-06
Title
Search Exclude < 2.5.0 - Missing Authorization to Unauthenticated Plugin Settings Modification
Published
2024-04-25
Title
ARForms Form Builder < 1.6.5 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion