EUVD-2025-4806

Malicious code in bioql PyPI...

EUVD-2025-4804

Malicious code in bioql PyPI...

EUVD-2025-4805

Malicious code in bioql PyPI...

CVE-2025-48107

CVE-2025-48107 corresponds to a WordPress Uncode theme vulnerability: a Reflected Cross-Site Scripting (XSS) due to improper input neutralization in Uncode

WordPress Uncode theme < 2.9.4.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Uncode versions 2.9.4.4...

CVE-2024-13667

The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVE-2024-13691

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncoderecordMedia' function in all versions up to, and including, 2.9.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary...

CVE-2024-13681

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncodeadmingetoembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server...

CVE-2024-13681

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncodeadmingetoembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server...

CVE-2024-13691

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncoderecordMedia' function in all versions up to, and including, 2.9.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary...

CVE-2024-13681

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncodeadmingetoembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server...

CVE-2024-13667

The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVE-2024-13691

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncoderecordMedia' function in all versions up to, and including, 2.9.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary...

CVE-2024-13667

The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVE-2024-13691 Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary File Read in uncode_recordMedia

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncoderecordMedia' function in all versions up to, and including, 2.9.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary...

CVE-2024-13691 Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary File Read in uncode_recordMedia

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncoderecordMedia' function in all versions up to, and including, 2.9.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary...

CVE-2024-13691

CVE-2024-13691 affects Uncode (WordPress)

CVE-2024-13667 Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via mle-description

The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVE-2024-13667

CVE-2024-13667 (Uncode Theme, WordPress) : Wordfence and NVD describe a stored XSS in the Uncode theme via the mle-description parameter, affecting Uncode versions up to 2.9.1.6. An authenticated user with Subscriber-level access or higher can inject scripts into pages, which execute when other u...

CVE-2024-13667 Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via mle-description

The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level acces...