Vulnerabilities and security researches foruix-shortcodes uix-shortcodes

Apr 17, 2025

CVE, Research URL: CVE-2025-39574
Home page URL: Security reports for Uix Shortcodes – Compatible with Gutenberg
Application: Uix Shortcodes – Compatible with Gutenberg
Date: Apr 16, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Shortcodes allows Stored XSS. This issue affects Uix Shortcodes: from n/a through 2.0.4.
Affected versions: Min -, max -.
Status: vulnerable

Feb 05, 2025

CVE, Research URL: CVE-2025-22677
Home page URL: Security reports for Uix Shortcodes – Compatible with Gutenberg
Application: Uix Shortcodes – Compatible with Gutenberg
Date: Feb 03, 2025
Research Description: Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3.
Affected versions: Min -, max -.
Status: vulnerable

Oct 27, 2024

CVE, Research URL: CVE-2024-9772
Home page URL: Security reports for Uix Shortcodes – Compatible with Gutenberg
Application: Uix Shortcodes – Compatible with Gutenberg
Date: Oct 26, 2024
Research Description: The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions: Min -, max -.
Status: vulnerable