Tag: uicore-elements

I have recently reported an Authenticated (Contributor+) Stored Cross-Site Scripting (XSS) vulnerability in the WordPress UiCore Elements plugin in versions up to and including 1.3.3. The vulnerability exists in the Accordion widget due to improper handling of HTML tag attributes, allowing malicious scripts to be injected and executed in a user’s browser session. This has…