CVE-2023-51500 WordPress Uncode Core plugin <= 2.8.8 - Arbitrary File Deletion vulnerability

Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8...

WordPress Plugin Uncode 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2023-51515

Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8...

CVE-2023-51515 WordPress Uncode Core plugin <= 2.8.8 - Privilege Escalation vulnerability

Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8...

CVE-2023-51515 WordPress Uncode Core plugin <= 2.8.8 - Privilege Escalation vulnerability

Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8...

PT-2024-14170 · Unknown · Uncode Core

Name of the Vulnerable Software and Affected Versions: Uncode Core versions 2.8.8 and earlier Description: The issue is related to a Missing Authorization vulnerability that allows Privilege Escalation in Uncode Core. Recommendations: For versions 2.8.8 and earlier, update to a version that...

WordPress Plugin Uncode 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

Uncode Core < 2.8.7 - Reflected Cross-Site Scripting

Description The uncode-core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

Uncode Core < 2.8.9 - Authenticated (Subscriber+) Arbitrary File Deletion

Description The uncode-core plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers with subscriber level access or higher to delete arbitrary files on the site...

CVE-2023-51501

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6...

CVE-2023-51501

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6...

CVE-2023-51501 WordPress Uncode Core Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6...

CVE-2023-51501

CVE-2023-51501 affects Undsgn Uncode (WordPress theme) — Uncode Core

WordPress Plugin Uncode Core Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2023-31840 · WordPress · Uncode

Name of the Vulnerable Software and Affected Versions: Uncode - Creative & WooCommerce WordPress Theme versions 2.8.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This...

WordPress Uncode Core Plugin <= 2.8.8 is vulnerable to Arbitrary File Deletion

Software Uncode Core Type Plugin Vulnerable versions = 2.8.8 Fixed in 2.8.9 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-51500 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID db4f1f58fbde Credits Rafie Muhammad Patchstack...

WordPress Uncode Core Plugin <= 2.8.8 is vulnerable to Privilege Escalation

Software Uncode Core Type Plugin Vulnerable versions = 2.8.8 Fixed in 2.8.9 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-51515 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID cbf9fea3f077 Credits Rafie...

WordPress Uncode Core Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS)

Software Uncode Core Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51501 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 138ed2ed00c0 Credits Rafie Muhammad Patchstack Required...

WordPress Uncode Lite theme <= 1.3.3 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Uncode Lite theme versions = 1.3.3. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...