87 matches found
CVE-2024-13691
The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncoderecordMedia' function in all versions up to, and including, 2.9.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary...
CVE-2024-13691 Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary File Read in uncode_recordMedia
The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncoderecordMedia' function in all versions up to, and including, 2.9.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary...
CVE-2024-13691 Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary File Read in uncode_recordMedia
The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncoderecordMedia' function in all versions up to, and including, 2.9.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary...
CVE-2024-13691
CVE-2024-13691 affects Uncode (WordPress)
CVE-2024-13667 Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via mle-description
The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2024-13667
CVE-2024-13667 (Uncode Theme, WordPress) : Wordfence and NVD describe a stored XSS in the Uncode theme via the mle-description parameter, affecting Uncode versions up to 2.9.1.6. An authenticated user with Subscriber-level access or higher can inject scripts into pages, which execute when other u...
CVE-2024-13667 Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via mle-description
The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2024-13681
CVE-2024-13681 affects the WordPress theme Uncode. The vulnerability is an unauthenticated arbitrary file read due to insufficient input validation in the uncode_admin_get_oembed function, affecting all versions up to 2.9.1.6. Patch/mitigation: upgrade to Uncode 2.9.1.6 or apply the vendor fix th...
CVE-2024-13681 Uncode <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed
The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncodeadmingetoembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server...
CVE-2024-13681 Uncode <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed
The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncodeadmingetoembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server...
WordPress plugin Uncode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...
WordPress plugin Uncode Core 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
WordPress plugin Uncode 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation...
WordPress plugin Uncode 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation...
WordPress Uncode theme <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary File Read in uncode_recordMedia vulnerability
Authenticated Subscriber+ Arbitrary File Read in uncoderecordMedia vulnerability discovered by mikemyers in WordPress Theme Uncode versions = 2.9.1.6...
WordPress Uncode Core plugin <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution in uncodegetmedias vulnerability discovered by mikemyers in WordPress Plugin Uncode Core versions = 2.9.1.6...
WordPress Uncode theme <= 2.9.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via mle-description vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via mle-description vulnerability discovered by mikemyers in WordPress Theme Uncode versions = 2.9.1.6...
WordPress Uncode plugin <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed vulnerability
Unauthenticated Arbitrary File Read in uncodeadmingetoembed vulnerability discovered by mikemyers in WordPress Theme Uncode versions = 2.9.1.6...
CVE-2023-51500
Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8...
CVE-2023-51500 WordPress Uncode Core plugin <= 2.8.8 - Arbitrary File Deletion vulnerability
Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8...