30 matches found
CVE-2026-39708
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.14...
CVE-2026-39708 WordPress UiCore Elements plugin <= 1.3.14 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.14...
CVE-2026-39708 WordPress UiCore Elements plugin <= 1.3.14 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.14...
CVE-2026-39708
CVE-2026-39708 affects the WordPress UiCore Elements plugin (uicore-elements) up to version 1.3.14. The issue is a Stored XSS due to improper neutralization of input during web page generation. Affected software: UiCore Elements (WordPress plugin)
WordPress plugin UiCore Elements 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...
PT-2026-31270
Name of the Vulnerable Software and Affected Versions UiCore Elements versions through 1.3.14 Description A Stored Cross-site Scripting XSS issue exists in UiCore Elements due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts into w...
CVE-2025-1054
The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to...
EUVD-2025-24219
Malicious code in bioql PyPI...
EUVD-2025-12238
Malicious code in bioql PyPI...
CVE-2025-58196
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.4...
WordPress UiCore Elements Plugin <= 1.3.4 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Abu Hurayra in WordPress Plugin UiCore Elements versions = 1.3.4...
CVE-2025-58196
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.4...
CVE-2025-58196 WordPress UiCore Elements Plugin <= 1.3.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.4...
CVE-2025-58196
CVE-2025-58196: Stored XSS in UiCore Elements (WordPress plugin) due to improper input neutralization during web page generation. Affected versions are UiCore Elements up to 1.3.4. Documented impacts indicate stored XSS vulnerability with potential for malicious script injection in webpages gener...
CVE-2025-58196 WordPress UiCore Elements Plugin <= 1.3.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.4...
WordPress plugin UiCore Elements 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-6253
The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the preparetemplate function due to a missing capability check and insufficient controls on the filename specified. This makes it...
CVE-2025-6253 UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read
The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the preparetemplate function due to a missing capability check and insufficient controls on the filename specified. This makes it...
CVE-2025-6253
The CVE-2025-6253 entry concerns the WordPress plugin UiCore Elements (Free Elementor widgets/templates) with versions up to and including 1.3.0. The vulnerability is an Arbitrary File Read caused by a missing capability check and insufficient controls on the filename in the prepare_template() fu...
CVE-2025-6253 UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read
The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the preparetemplate function due to a missing capability check and insufficient controls on the filename specified. This makes it...