Cross-Site Scripting Vulnerability in AndonDesign UDesign Core Plugin
CVE-2025-62051

Currently unrated

Key Information:

Vendor

WordPress
Status
Udesign Core
Vendor
CVE Published:
6 November 2025

What is CVE-2025-62051?

The UDesign Core plugin by AndonDesign contains a vulnerability that allows attackers to execute arbitrary JavaScript code in the context of a user’s browser. This is due to improper neutralization of user input during web page generation. The flaw affects all versions up to and including 4.14.1, potentially enabling malicious users to manipulate site functionality and harvest sensitive information from users visiting the affected web pages.

Affected Version(s)

UDesign Core <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/u-de...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-62051 : Cross-Site Scripting Vulnerability in AndonDesign UDesign Core Plugin