87 matches found
CVE-2025-6944
The CVE records a Stored Cross-Site Scripting vulnerability in the WordPress Uncode Core plugin (
CVE-2025-6944 Uncode Core <= 2.9.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
The Uncode Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uncodehltext' and 'uncodetexticon' shortcodes in all versions up to, and including, 2.9.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
PT-2025-27858 · WordPress · Uncode Core
Name of the Vulnerable Software and Affected Versions: Uncode Core plugin for WordPress versions up to, and including, 2.9.4.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the uncode hl...
WordPress plugin Uncode Core Cross-Site Scripting Vulnerability
WordPress Uncode Core is a creative multipurpose theme for the WordPress platform. WordPress Uncode Core suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and output escaping, which can be exploited by an attacker to steal user session information by...
CVE-2023-51501
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6...
CVE-2023-51500
Missing Authorization vulnerability in Undsgn Uncode Core. This issue affects Uncode Core: from n/a through 2.8.8...
CVE-2023-51515
Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation. This issue affects Uncode Core: from n/a through 2.8.8...
CVE-2024-13689
The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
CVE-2024-13667
The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2024-13691
The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncoderecordMedia' function in all versions up to, and including, 2.9.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary...
CVE-2024-13681
The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncodeadmingetoembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server...
CVE-2024-13689 Uncode Core <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias
The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
CVE-2024-13689
CVE-2024-13689 affects the Uncode Core WordPress plugin. Public details from Wordfence indicate the vulnerability is in Uncode Core