A vulnerability, which was classified as problematic, was found in Shortcodes and Extra Features for Phlox Theme up to 2.16.4 on WordPress. This affects an unknown part of the component Staff Widget. The manipulation leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2024-12588. It is possible to initiate the attack remotely. There is no exploit available.