2 matches found
CVE-2024-13667
creationtimestamp| type| source ---|---|--- 2025-02-18 11:15:46+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lih53me7f72y 2025-02-18 12:38:02+00:00| seen| https://t.me/cvedetector/18315 2025-02-18 13:56:44+00:00| seen|...
CVE-2024-13667 Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via mle-description
The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level acces...