7.5

CVE-2024-13681

Uncode <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed

Uncode <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_admin_get_oembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server.
Mögliche Gegenmaßnahme
Uncode: Update to version 2.9.1.7, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UndsgnUncode SwPlatformwordpress Version < 2.9.1.7
Weitere Schwachstelleninformationen
SystemWordPress Theme
Produkt Uncode
Version *-2.9.1.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.58% 0.431
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@wordfence.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://support.undsgn.com/hc/en-us/articles/213454129-Change-Log
Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/7914ebe6-b5e1-4a1a-8794-80f515e6c9f6?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/7914ebe6-b5e1-4a1a-8794-80f515e6c9f6
Third Party Advisory