Browse all 4 CVE security advisories affecting uicore. AI-powered Chinese analysis, POCs, and references for each vulnerability.
uicore is a UI component library primarily used for building web interfaces. Historically, it has been associated with vulnerabilities including remote code execution, cross-site scripting (XSS), and privilege escalation, often stemming from improper input validation and insecure deserialization. The library has faced scrutiny for its security practices, with four CVEs documented to date. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests developers should implement strict input sanitization and keep dependencies updated when using this framework in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39708 | WordPress UiCore Elements plugin <= 1.3.14 - Cross Site Scripting (XSS) vulnerability — UiCore ElementsCWE-79 | 6.5 | Medium | 2026-04-08 |
| CVE-2025-58196 | WordPress UiCore Elements Plugin <= 1.3.4 - Cross Site Scripting (XSS) Vulnerability — UiCore ElementsCWE-79 | 6.5 | Medium | 2025-08-27 |
| CVE-2025-6253 | UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read — UiCore Elements – Free widgets and templates for ElementorCWE-862 | 7.5 | High | 2025-08-12 |
| CVE-2025-1054 | UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — UiCore Elements – Free widgets and templates for ElementorCWE-79 | 6.4 | Medium | 2025-04-23 |
This page lists every published CVE security advisory associated with uicore. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.