VYPR

Uicore Elements

by WordPress

Source repositories

CVEs (4)

  • CVE-2026-39708MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through <= 1.3.14.

  • CVE-2025-58196MedAug 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through <= 1.3.4.

  • CVE-2025-6253HigAug 12, 2025
    risk 0.42cvss 7.5epss 0.00

    The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template() function due to a missing capability check and insufficient controls on the filename…

  • CVE-2025-1054MedApr 23, 2025
    risk 0.35cvss 6.4epss 0.00

    The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including,…