CVE-2024-13681

CVE-2024-13681 affects the WordPress theme Uncode. The vulnerability is an unauthenticated arbitrary file read due to insufficient input validation in the uncode_admin_get_oembed function, affecting all versions up to 2.9.1.6. Patch/mitigation: upgrade to Uncode 2.9.1.6 or apply the vendor fix th...

CVE-2024-13681 Uncode <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncodeadmingetoembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server...

CVE-2024-13681 Uncode <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncodeadmingetoembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server...

WordPress Uncode theme <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary File Read in uncode_recordMedia vulnerability

Authenticated Subscriber+ Arbitrary File Read in uncoderecordMedia vulnerability discovered by mikemyers in WordPress Theme Uncode versions = 2.9.1.6...

WordPress Uncode theme <= 2.9.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via mle-description vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via mle-description vulnerability discovered by mikemyers in WordPress Theme Uncode versions = 2.9.1.6...

CVE-2023-51501

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6...

WordPress Uncode Theme 1.3.1 - Arbitrary File Upload

WordPress Uncode theme is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution Update the theme...