CVE-2025-6944 – Uncode Core WordPress Stored Cross-Site Scripting

July 4, 2025

CVE ID : CVE-2025-6944

Published : July 4, 2025, 6:15 a.m. | 1 hour, 36 minutes ago

Description : The Uncode Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘uncode_hl_text’ and ‘uncode_text_icon’ shortcodes in all versions up to, and including, 2.9.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCritical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out

Next Article CVE-2025-5372 – OpenSSL SSH Key Derivation Buffer Initialization Vulnerability

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-6944 – Uncode Core WordPress Stored Cross-Site Scripting

CVE-2025-5372 – OpenSSL SSH Key Derivation Buffer Initialization Vulnerability

Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out

RoboCat: A self-improving robotic agent

CVE-2025-44884 – D-Link FW-WGS-804HPT Stack Overflow Vulnerability

CVE-2025-6828 – Code-Projects Inventory Management System SQL Injection Vulnerability

uBlock Origin ships to Edge for Android as Google kills it on Chrome

Instagram Not Working on Fire Tablet: How to Fix It (Step-by-Step Guide)

CVE-2025-36632 – Tenable Agent Local Privilege Escalation (LPE)

CVE-2025-3050 – IBM Db2 CPU Resource Allocation Denial of Service

CVE-2024-58237 – Linux Kernel BPF Packet Pointer Invalidation Vulnerability

CVE-2025-6944 – Uncode Core WordPress Stored Cross-Site Scripting

Related Posts