
uxper — Vulnerabilities & Security Advisories (28)

Browse all 28 CVE security advisories affecting uxper. AI-powered Chinese analysis, POCs, and references for each vulnerability.

uxper operates as a user experience optimization platform, primarily facilitating A/B testing and behavioral analytics for web applications. This functionality inherently requires deep integration with client-side scripts, which has historically exposed the software to significant security risks. The majority of its 28 recorded Common Vulnerabilities and Exposures (CVEs) stem from insufficient input validation and improper access controls, leading to frequent instances of Cross-Site Scripting (XSS) and Remote Code Execution (RCE). These flaws often allow attackers to inject malicious payloads or escalate privileges within the application environment. While no single catastrophic data breach has been publicly attributed to uxper, the high volume of critical vulnerabilities indicates systemic weaknesses in its development lifecycle. Security researchers emphasize that the platform’s reliance on third-party integrations and dynamic script injection creates a broad attack surface, necessitating rigorous patch management and strict sandboxing to mitigate potential exploitation by threat actors targeting user session data.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27051 | WordPress Golo theme <= 1.7.0 - Privilege Escalation vulnerability — Golo (CWE-266) | 9.8 | Critical | 2026-03-25 |
| CVE-2026-23973 | WordPress Golo theme < 1.7.5 - Reflected Cross Site Scripting (XSS) vulnerability — Golo (CWE-79) | 7.1 | High | 2026-03-25 |
| CVE-2026-23975 | WordPress Golo theme < 1.7.5 - Local File Inclusion vulnerability — Golo (CWE-98) | 7.5 | High | 2026-01-22 |
| CVE-2026-23974 | WordPress Golo theme < 1.7.5 - Broken Access Control vulnerability — Golo (CWE-862) | 5.3 | Medium | 2026-01-22 |
| CVE-2025-52739 | WordPress Sala theme <= 1.1.3 - Cross Site Scripting (XSS) vulnerability — Sala (CWE-79) | 7.1 | High | 2025-12-31 |
| CVE-2025-62037 | WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability — Togo (CWE-862) | 6.5 | Medium | 2025-11-06 |
| CVE-2025-62036 | WordPress Togo theme < 1.0.4 - Cross Site Scripting (XSS) vulnerability — Togo (CWE-79) | 7.1 | High | 2025-11-06 |
| CVE-2025-62034 | WordPress Togo theme < 1.0.4 - Privilege Escalation vulnerability — Togo (CWE-266) | 8.8 | High | 2025-11-06 |
| CVE-2025-62035 | WordPress Togo theme < 1.0.4 - PHP Object Injection vulnerability — Togo (CWE-502) | 8.8 | High | 2025-11-06 |
| CVE-2025-62033 | WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability — Togo (CWE-862) | 6.5 | Medium | 2025-11-06 |
| CVE-2025-54709 | WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability — Sala (CWE-98) | 8.1 | High | 2025-09-09 |
| CVE-2025-54725 | WordPress Golo Theme <= 1.7.0 - Broken Authentication Vulnerability — Golo (CWE-288) | 9.8 | Critical | 2025-08-28 |
| CVE-2025-54724 | WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability — Golo (CWE-79) | 7.1 | High | 2025-08-28 |
| CVE-2025-49891 | WordPress Uxper Booking Plugin <= 1.3.3 - SQL Injection Vulnerability — Uxper Booking (CWE-89) | 8.5 | High | 2025-08-20 |
| CVE-2025-49893 | WordPress Nuss Theme <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability — Nuss (CWE-79) | 7.1 | High | 2025-08-20 |
| CVE-2025-49892 | WordPress Uxper Booking Plugin <= 1.3.3 - Local File Inclusion Vulnerability — Uxper Booking (CWE-98) | 8.1 | High | 2025-08-20 |
| CVE-2025-49894 | WordPress Nuss Theme <= 1.3.3 - Local File Inclusion Vulnerability — Nuss (CWE-98) | 8.1 | High | 2025-08-20 |
| CVE-2025-52803 | WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability — Sala (CWE-862) | 7.5 | High | 2025-07-16 |
| CVE-2025-52804 | WordPress Nuss theme <= 1.3.7.1 - Broken Access Control Vulnerability — Nuss (CWE-862) | 7.5 | High | 2025-07-16 |
| CVE-2025-4606 | Sala - Startup & SaaS WordPress Theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover — Sala - Startup & SaaS WordPress Theme (CWE-620) | 9.8 | Critical | 2025-07-09 |
| CVE-2025-52826 | WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability — Sala (CWE-502) | 8.8 | High | 2025-06-27 |
| CVE-2025-52827 | WordPress Nuss theme <= 1.3.3 - PHP Object Injection Vulnerability — Nuss (CWE-502) | 8.8 | High | 2025-06-27 |
| CVE-2025-49511 | WordPress Civi Framework plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to User Deactivation vulnerability — Civi Framework (CWE-352) | 7.1 | High | 2025-06-10 |
| CVE-2025-4797 | Golo <= 1.7.0 - Authentication Bypass to Account Takeover — Golo - City Travel Guide WordPress Theme (CWE-288) | 9.8 | Critical | 2025-06-03 |
| CVE-2024-13773 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Sensitive Information Exposure — Civi - Job Board & Freelance Marketplace WordPress Theme (CWE-321) | 7.3 | High | 2025-03-14 |
| CVE-2024-13772 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.6.1 - Authentication Bypass — Civi - Job Board & Freelance Marketplace WordPress Theme (CWE-288) | 5.6 | Medium | 2025-03-14 |
| CVE-2024-13771 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Password Update — Civi - Job Board & Freelance Marketplace WordPress Theme (CWE-288) | 9.8 | Critical | 2025-03-14 |
| CVE-2024-12876 | Golo - Directory & Listing, Travel WordPress Theme <= 1.6.10 - Missing Authorization to Privilege Escalation via Unauthenticated Arbitrary User Password Change — Golo - City Travel Guide WordPress Theme (CWE-862) | 9.8 | Critical | 2025-03-07 |

This page lists every published CVE security advisory associated with uxper. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.