CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in undsgn Uncode uncode allows Reflected XSS.This issue affects Uncode: from n/a through 2.9.4.4...

7.1CVSS5.9AI score0.00032EPSS

Exploits0References1

NVD•added 2025/09/26 9:15 a.m.•1 views

CVE-2025-48107

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in undsgn Uncode uncode allows Reflected XSS.This issue affects Uncode: from n/a through 2.9.4.4...

7.1CVSS0.00032EPSS

Exploits0References1

Cvelist•added 2025/09/26 8:31 a.m.•7 views

CVE-2025-48107 WordPress Uncode theme < 2.9.4.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in undsgn Uncode uncode allows Reflected XSS.This issue affects Uncode: from n/a through 2.9.4.4...

7.1CVSS0.00032EPSS

Exploits0References1

CVE•added 2025/09/26 8:31 a.m.•7 views

CVE-2025-48107

CVE-2025-48107 corresponds to a WordPress Uncode theme vulnerability: a Reflected Cross-Site Scripting (XSS) due to improper input neutralization in Uncode

7.1CVSS5.9AI score0.00032EPSS

Exploits0References1

Vulnrichment•added 2025/09/26 8:31 a.m.•2 views

CVE-2025-48107 WordPress Uncode theme < 2.9.4.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in undsgn Uncode uncode allows Reflected XSS.This issue affects Uncode: from n/a through 2.9.4.4...

7.1CVSS5.2AI score0.00032EPSS

Exploits0References1

CNNVD•added 2025/09/26 12:0 a.m.•1 views

WordPress plugin Uncode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL-based...

7.1CVSS5.9AI score0.00032EPSS

Exploits0References1

Positive Technologies•added 2025/09/26 12:0 a.m.•2 views

PT-2025-39528

Name of the Vulnerable Software and Affected Versions undsgn Uncode affected versions not specified Description A flaw exists in undsgn Uncode that allows for Reflected Cross-Site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The vulnerability...

7.1CVSS5.6AI score0.00032EPSS

Exploits0References4

Patchstack•added 2025/08/26 10:24 a.m.•4 views

WordPress Uncode theme < 2.9.4.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Uncode versions 2.9.4.4...

7.1CVSS6.1AI score0.00032EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/07/06 6:22 a.m.•4 views

CVE-2025-6944

The Uncode Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uncodehltext' and 'uncodetexticon' shortcodes in all versions up to, and including, 2.9.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.5AI score0.00164EPSS

Exploits0References1

NVD•added 2025/07/04 6:15 a.m.•5 views

CVE-2025-6944

6.4CVSS0.00164EPSS

Exploits0References2

Cvelist•added 2025/07/04 5:23 a.m.•6 views

CVE-2025-6944 Uncode Core <= 2.9.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

6.4CVSS0.00164EPSS

Exploits0References2

Rows per page