How severe is CVE-2025-1054?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2025-1054?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2025-1054 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Related Vulnerabilities

CVE-2012-3341

MEDIUM

CVSS:6.4(Medium)

IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a ...

CWE-792012

CVE-2016-2138

MEDIUM

CVSS:6.4(Medium)

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php.

CWE-792016

CVE-2016-2139

MEDIUM

CVSS:6.4(Medium)

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php.

CWE-792016

CVE-2019-3769

MEDIUM

CVSS:6.4(Medium)

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to st...

CWE-792019

CVE-2019-3770

MEDIUM

CVSS:6.4(Medium)

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could expl...

CWE-792019

CVE-2019-7004

MEDIUM

CVSS:6.4(Medium)

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product ve...

CWE-792019