CVE-2025-1054 – UiCore Elements – WordPress Stored Cross-Site Scripting

April 23, 2025

CVE ID : CVE-2025-1054

Published : April 23, 2025, 10:15 a.m. | 4 hours, 43 minutes ago

Description : The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-42600 – Meon KYC Brute Force OTP Vulnerability

Next Article CVE-2024-10306 – Apache mod_proxy_cluster Unauthorized Access Vulnerability

Highlights

CVE-2025-53890 – Pyload CAPTCHA JavaScript Evaluation Remote Code Execution

July 15, 2025

CVE ID : CVE-2025-53890

Published : July 15, 2025, 12:15 a.m. | 2 hours, 14 minutes ago

Description : pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included in version 0.5.0b3.dev89.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Distribution Release: Q4OS 6.1

Learning from PHP Log to File Example

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

Package efficiency and dependency hygiene

Dmitry — The Deep Magic

Dmitry — The Deep Magic

Right way to record and share our Terminal sessions

Windows 11 Powers Up WSL: How GPU Acceleration & Kernel Upgrades Change the Game

CVE-2025-1054 – UiCore Elements – WordPress Stored Cross-Site Scripting

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Student Insider Threats Driving Surge in UK School Data Breaches, ICO Warns

CVE-2025-54382 – Cherry Studio Cherry Picker Remote Code Execution

CVE-2025-55229 – Microsoft Windows Certificate Spoofing Vulnerability

I wore Whoop’s latest health tracker – it gave me the best of Oura Ring, Apple Watch, and more

CVE-2025-5727 – SourceCodester Student Result Management System Cross-Site Scripting Vulnerability

CVE-2025-53890 – Pyload CAPTCHA JavaScript Evaluation Remote Code Execution

CVE-2025-4364 – Apache HTTP Server Information Disclosure

AT&T customer? You might get a cut of $177 million data breach settlement

Data Circuit Installation and Change Checklist

CVE-2025-1054 – UiCore Elements – WordPress Stored Cross-Site Scripting

Related Posts