Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2024-13681
CVE-2024-13681:
WordPress vulnerability analysis and mitigation
Overview
The Uncode WordPress theme contains a vulnerability (CVE-2024-13681) related to arbitrary file read due to insufficient input validation in the 'uncodeadminget_oembed' function. This vulnerability was discovered and patched in version 2.9.1.7, released on February 4, 2025 (Uncode Changelog).
Technical details
The vulnerability exists in the 'uncodeadminget_oembed' function of the Uncode theme, which failed to properly validate input, potentially allowing unauthorized users to read arbitrary files on the system. The vulnerability has been assigned a CVSS score of 7.5, indicating a high severity level (Wordfence).
Impact
If exploited, this vulnerability could allow attackers to read arbitrary files on the affected WordPress installation, potentially exposing sensitive information and configuration details (Wordfence).
Mitigation and workarounds
Users are strongly advised to update to Uncode theme version 2.9.1.7 or later, which contains the security fix for this vulnerability. The update was released on February 4, 2025, and includes additional security improvements (Uncode Changelog).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management