3 matches found
CVE-2024-13689 Uncode Core <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias
The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2024-13689
CVE-2024-13689 affects the Uncode Core WordPress plugin. Public details from Wordfence indicate the vulnerability is in Uncode Core
CVE-2024-13689 Uncode Core <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias
The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...