Vulnerabilities and security researches foruicore-animate uicore-animate

Apr 28, 2026

PSC, Research URL: PSC-2026-64651
Home page URL: Security reports for UiCore Animate
Application: UiCore Animate
Date: Apr 28, 2026
Research Description: Animation and interaction plugins operate on a sensitive boundary between front-end rendering, visual builder controls, Gutenberg block behavior, Elementor widget configuration, and client-side JavaScript execution. These plugins often modify how content appears, moves, loads, transitions between pages, and reacts to scrolling or user interaction. A weakness in this class of plugin can lead to stored XSS through animation settings, unsafe rendering of visual effects, unauthorized modification of design behavior, CSRF against administrators, or broken front-end integrity when dynamic animation data is injected into markup or scripts. UiCore Animate – Free Animations, Transitions, and Interactions Addon for Elementor & Gutenberg blocks version 2.2.4 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64651, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for animation, transition, visual builder, and block-enhancement plugins.
Affected versions: Min 2.2.4, max 2.2.4.
Status: SAFE & CERTIFIED