Skip to main content

Uicore Elements

1 CVEs product

Monthly

CVE-2026-39708 MEDIUM This Month

Stored cross-site scripting (XSS) in UiCore Elements WordPress plugin versions 1.3.14 and earlier allows authenticated users to inject malicious scripts into web pages, which execute in the browsers of other users viewing affected content. The vulnerability stems from improper input neutralization during page generation, affecting any WordPress installation using the plugin. No active exploitation has been confirmed, and the EPSS score of 0.03% indicates very low real-world exploitation probability despite the CVSS 6.5 score.

XSS Uicore Elements
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

Stored cross-site scripting (XSS) in UiCore Elements WordPress plugin versions 1.3.14 and earlier allows authenticated users to inject malicious scripts into web pages, which execute in the browsers of other users viewing affected content. The vulnerability stems from improper input neutralization during page generation, affecting any WordPress installation using the plugin. No active exploitation has been confirmed, and the EPSS score of 0.03% indicates very low real-world exploitation probability despite the CVSS 6.5 score.

XSS Uicore Elements
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy