Vulnerabilities > Undsgn > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-18 | CVE-2024-13667 | Cross-site Scripting vulnerability in Undsgn Uncode The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-18 | CVE-2024-13691 | Unspecified vulnerability in Undsgn Uncode The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_recordMedia' function in all versions up to, and including, 2.9.1.6. | 6.5 |
| 2023-12-28 | CVE-2023-51501 | Unspecified vulnerability in Undsgn Uncode Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6. | 6.1 |