Cross-site Scripting Vulnerability in UIUX Lab Uix Page Builder
CVE-2025-24616

7.1HIGH

Key Information:

Vendor: WordPress
Status: Uix Page Builder
Vendor: CVE Published:; 14 February 2025

Summary

The Uix Page Builder by UIUX Lab is vulnerable to a Cross-site Scripting (XSS) attack due to improper handling of input during web page generation. This flaw allows attackers to execute arbitrary scripts in the context of a browser session, potentially compromising sensitive user data and leading to unauthorized actions. Affected versions include Uix Page Builder from n/a through 1.7.3. Protect your web applications by ensuring all inputs are properly validated and sanitized.

Affected Version(s)

Uix Page Builder <= 1.7.3

References

https://patchstack.com/database/wordpress/plugin/uix-page...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)