CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51500 – WordPress Uncode Core plugin <= 2.8.8 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2023-51500
Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8. Vulnerabilidad de autorización faltante en Undsgn Uncode Core. Este problema afecta a Uncode Core: desde n/a hasta 2.8.8. The uncode-core plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers with subscriber level access or higher to delete arbitrary files on the site. • https://patchstack.com/database/vulnerability/uncode-core/wordpress-uncode-core-plugin-2-8-8-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51515 – WordPress Uncode Core plugin <= 2.8.8 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-51515
Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8. La vulnerabilidad de autorización faltante en Undsgn Uncode Core permite la escalada de privilegios. Este problema afecta a Uncode Core: desde n/a hasta 2.8.8. The Uncode Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.8.8. This makes it possible for subscribers to escalate their privileges to those of a higher level account. • https://patchstack.com/database/vulnerability/uncode-core/wordpress-uncode-core-plugin-2-8-8-privilege-escalation-vulnerability?_s_id=cve • CWE-862: Missing Authorization •