EUVD-2025-19930

Malicious code in bioql PyPI...

CVE-2025-6944

The Uncode Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uncodehltext' and 'uncodetexticon' shortcodes in all versions up to, and including, 2.9.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-6944

The Uncode Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uncodehltext' and 'uncodetexticon' shortcodes in all versions up to, and including, 2.9.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-6944

The CVE records a Stored Cross-Site Scripting vulnerability in the WordPress Uncode Core plugin (

PT-2025-27858 · WordPress · Uncode Core

Name of the Vulnerable Software and Affected Versions: Uncode Core plugin for WordPress versions up to, and including, 2.9.4.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the uncode hl...

CVE-2024-13689

The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13689

The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13689 Uncode Core <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias

The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13689

CVE-2024-13689 affects the Uncode Core WordPress plugin. Public details from Wordfence indicate the vulnerability is in Uncode Core

CVE-2024-13689 Uncode Core <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias

The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2023-51501 WordPress Uncode Core Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6...

WordPress Uncode Core Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS)

Software Uncode Core Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51501 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 138ed2ed00c0 Credits Rafie Muhammad Patchstack Required...