Cross-Site Scripting Vulnerability in UiCore Elements by UiCore
CVE-2025-58196

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Uicore Elements
Vendor
CVE Published:
27 August 2025

What is CVE-2025-58196?

A Cross-site Scripting (XSS) vulnerability exists in UiCore Elements, which allows attackers to inject malicious scripts into web pages. This can lead to potential data theft, session hijacking, and unauthorized actions performed on behalf of users. The affected versions include UiCore Elements from n/a up to 1.3.4. Ensuring input validation and sanitization can mitigate the risks associated with this vulnerability.

Affected Version(s)

UiCore Elements <= 1.3.4

References

https://patchstack.com/database/wordpress/plugin/uicore-e...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abu Hurayra (Patchstack Alliance)
.
CVE-2025-58196 : Cross-Site Scripting Vulnerability in UiCore Elements by UiCore