Cross-site Scripting Vulnerability in AndonDesign UDesign Core Plugin
CVE-2025-53234

7.1HIGH

Key Information:

Vendor: WordPress
Status: Udesign Core
Vendor: CVE Published:; 22 October 2025

What is CVE-2025-53234?

A reflected cross-site scripting vulnerability exists in the UDesign Core plugin by AndonDesign, allowing attackers to execute arbitrary JavaScript in the context of the user's browser. This security flaw impacts versions from n/a to 4.14.0, posing a risk to users who may interact with specially crafted links. It is crucial for website administrators to address this issue to prevent potential data theft or unauthorized actions performed on behalf of users.

Affected Version(s)

UDesign Core <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/u-de...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2025
Vulnerability Reserved
Jun 27, 2025

Credit

Rafie Muhammad (Patchstack)

JSON