Unrated severityNVD Advisory· Published Feb 18, 2025· Updated Apr 8, 2026
Uncode <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed
CVE-2024-13681
Description
The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_admin_get_oembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server.
Affected products
3Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.