WordPress Uncode Core plugin <= 2.8.8 - Privilege Escalation vulnerability
CVE-2023-51515

8.8HIGH

Key Information:

Vendor: WordPress
Status: Uncode Core
Vendor: CVE Published:; 12 April 2024

Summary

The vulnerability identified in Undsgn Uncode Core introduces a missing authorization flaw that could be exploited for privilege escalation. This issue impacts versions of the Uncode Core plugin in WordPress, allowing an attacker to gain elevated privileges and potentially access restricted functionalities without proper authorization. Users of versions from n/a to 2.8.8 may be at risk. Timely patching and updates are recommended to mitigate potential exploitation risks.

Affected Version(s)

Uncode Core <= 2.8.8

References

https://patchstack.com/database/vulnerability/uncode-core...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2024
Vulnerability Reserved
Dec 20, 2023

Credit

Rafie Muhammad (Patchstack)