UDesign Core

CVEs (5)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-63062	AndonDesign UDesign Core	Hig	0.49	7.5	Dec 9, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AndonDesign UDesign Core u-design-core allows PHP Local File Inclusion.This issue affects UDesign Core: from n/a through <= 4.14.0.
CVE-2025-53234	WordPress U Design Core	Hig	0.46	7.1	Oct 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign Core u-design-core allows Reflected XSS.This issue affects UDesign Core: from n/a through <= 4.14.0.
CVE-2025-62051	WordPress U Design Core	Med	0.42	6.5	Nov 6, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign Core u-design-core.This issue affects UDesign Core: from n/a through <= 4.14.1.
CVE-2025-53236	WordPress U Design Core	Med	0.41	6.3	Oct 22, 2025	Missing Authorization vulnerability in AndonDesign UDesign Core u-design-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UDesign Core: from n/a through <= 4.14.0.
CVE-2025-24757	AndonDesign UDesign Core	Med	0.34	5.3	Jul 4, 2025	Missing Authorization vulnerability in AndonDesign uDesign udesign.This issue affects uDesign: from n/a through <= 4.11.2.

CVE-2025-63062HigDec 9, 2025
AndonDesign
UDesign Core
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AndonDesign UDesign Core u-design-core allows PHP Local File Inclusion.This issue affects UDesign Core: from n/a through <= 4.14.0.
CVE-2025-53234HigOct 22, 2025
WordPress
U Design Core
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign Core u-design-core allows Reflected XSS.This issue affects UDesign Core: from n/a through <= 4.14.0.
CVE-2025-62051MedNov 6, 2025
WordPress
U Design Core
risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign Core u-design-core.This issue affects UDesign Core: from n/a through <= 4.14.1.
CVE-2025-53236MedOct 22, 2025
WordPress
U Design Core
risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in AndonDesign UDesign Core u-design-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UDesign Core: from n/a through <= 4.14.0.
CVE-2025-24757MedJul 4, 2025
AndonDesign
UDesign Core
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in AndonDesign uDesign udesign.This issue affects uDesign: from n/a through <= 4.11.2.