CVE-2024-13681

CVSS base score: 7.5 (HIGH)

📋 TL;DR

The Uncode WordPress theme contains an arbitrary file read vulnerability that lets unauthenticated attackers read any file the web server's PHP process can access. All WordPress sites running Uncode versions up to and including 2.9.1.6 are affected. Attackers can retrieve wp-config.php (database credentials and authentication keys/salts), other configuration files, and source code, and use them to drive further compromise.

💻 Affected Systems

Products:
  • Uncode WordPress Theme
Versions: All versions up to and including 2.9.1.6
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with Uncode theme active. No special configuration required.

📦 What is this software?

Uncode is a commercial multipurpose WordPress theme developed by Undsgn and sold through ThemeForest (Envato Market). It is not distributed through the wordpress.org theme directory, so updates arrive through the vendor's own updater or a manual upload of the new theme package, not through the core theme-directory update channel.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers read wp-config.php (database credentials, authentication keys and salts) or other server configuration files. With database access they can create administrator accounts or plant code, leading to complete site compromise.

🟠

Likely Case

Attackers exfiltrate configuration files, theme and plugin source code, or other sensitive data that enables follow-on attacks (credential reuse, targeted exploitation of disclosed components).

🟢

If Mitigated

Requests to the vulnerable handler are blocked (WAF rule or the handler disabled), or the readable files are limited by file-system permissions. Permissions only help for files outside WordPress: wp-config.php and the rest of the site must be readable by the PHP process, so they cannot be protected that way.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires a crafted request to the theme's admin-ajax.php handler (action=uncode_admin_get_oembed). No authentication, session, or user interaction is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.1.7 or later

Vendor Advisory: https://support.undsgn.com/hc/en-us/articles/213454129-Change-Log

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Click the Uncode theme (the parent theme, not a child theme).
4. Click 'Update Now' if an update is offered. Uncode is distributed through ThemeForest, not the wordpress.org directory, so the update comes from the vendor's updater.
5. Alternatively, download the latest version from the vendor (ThemeForest/Undsgn) and update manually by uploading the theme package.
6. Remove any temporary workaround once the version shows 2.9.1.7 or later.

🔧 Temporary Workarounds

Disable vulnerable function (platforms: all)

Prevent unauthenticated requests from reaching uncode_admin_get_oembed. Editing the theme's own files is fragile: the change is lost on the next update and may break the admin-side oEmbed feature. A must-use plugin that intercepts the admin-ajax action before the theme's handler runs survives updates and can be deleted once 2.9.1.7 is installed.

Web Application Firewall rule (platforms: all)

Block requests to /wp-admin/admin-ajax.php whose action parameter is uncode_admin_get_oembed and that carry path traversal sequences (../, including URL-encoded and double-encoded variants) or absolute file paths. Inspect the POST body as well as the query string, since admin-ajax.php accepts the action from either.
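The following is an added example, not the vendor's fix and not code from the advisory: a POSIX shell helper that drops a must-use plugin into a WordPress install to intercept the vulnerable AJAX action. It assumes the handler is dispatched by admin-ajax.php under the action name given in this advisory, so WordPress fires the hooks wp_ajax_nopriv_uncode_admin_get_oembed (anonymous callers) and wp_ajax_uncode_admin_get_oembed (logged-in callers); a callback registered at priority 0 runs before the theme's default-priority handler and ends the request with wp_die(). The file name, the capability checked for logged-in users (edit_posts), and the function names are the example's own choices.

```shell
#!/bin/sh
# Stopgap for CVE-2024-13681 as a must-use plugin (added example, not the vendor's fix).
# Assumption: the vulnerable code runs as an admin-ajax.php action named
# uncode_admin_get_oembed, so WordPress dispatches it through the
# wp_ajax_nopriv_<action> (anonymous) and wp_ajax_<action> (logged-in) hooks.
# A priority-0 callback runs before the theme's default-priority (10) handler,
# and wp_die() terminates the request before that handler executes.
#
# Usage: install_uncode_oembed_guard /var/www/html

install_uncode_oembed_guard() {
    wp_root="$1"
    mu_dir="$wp_root/wp-content/mu-plugins"
    guard="$mu_dir/cve-2024-13681-guard.php"
    mkdir -p "$mu_dir"
    cat > "$guard" <<'EOF'
<?php
/*
Plugin Name: CVE-2024-13681 guard (Uncode oEmbed AJAX)
Description: Temporary guard until Uncode is updated to 2.9.1.7 or later. Delete after patching.
*/
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Anonymous callers never need this admin-side helper: refuse before the theme runs.
add_action( 'wp_ajax_nopriv_uncode_admin_get_oembed', function () {
    wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
}, 0 );

// Logged-in callers: require an editorial capability (example choice; adjust to
// your roles) so a subscriber-level account cannot reach the handler either.
add_action( 'wp_ajax_uncode_admin_get_oembed', function () {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }
}, 0 );
EOF
    chmod 0644 "$guard"
    printf 'installed %s\n' "$guard"
}

# Exit 0 if the guard file is present under the given WordPress root, 1 otherwise.
uncode_oembed_guard_installed() {
    grep -q 'wp_ajax_nopriv_uncode_admin_get_oembed' \
        "$1/wp-content/mu-plugins/cve-2024-13681-guard.php" 2>/dev/null
}

# Run with the WordPress root directory as the only argument.
if [ $# -eq 1 ]; then
    install_uncode_oembed_guard "$1"
fi
```

Must-use plugins load on every request and cannot be switched off from the admin panel, so delete the guard file once the theme reports 2.9.1.7 or later. If the theme registers its handler in some other way than the standard wp_ajax hooks, the guard does nothing; confirm it with a test request against a staging copy before relying on it.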

🧯 If You Can't Patch

  • Temporarily switch to a default WordPress theme (this takes the vulnerable handler out of the request path, at the cost of the site's layout until the patched Uncode is installed)
  • Restrict the PHP process's file-system permissions and disable directory listing; this limits what is readable outside the web root (other vhosts, system files) but cannot protect wp-config.php, which PHP must be able to read

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes for Uncode theme version 2.9.1.6 or earlier. If a child theme is active, open the parent Uncode theme: the child theme's version number is not the one that matters.

Check Version:

wp theme list --fields=name,version,status --path=/path/to/wordpress | grep -i uncode

Verify Fix Applied:

Confirm the parent Uncode theme reports version 2.9.1.7 or later (Appearance > Themes, or the wp theme list command above), then remove any temporary workaround.

📡 Detection & Monitoring

Log Indicators:

  • Requests to /wp-admin/admin-ajax.php with action=uncode_admin_get_oembed whose parameters contain path traversal sequences (../ and URL-encoded variants) or absolute file paths. Web server access logs show the action only when it is sent in the query string; for POST bodies you need WAF or application-level logging.
  • Repeated 200 responses to such requests, particularly with response sizes consistent with a file being returned, from clients without a logged-in session

Network Indicators:

  • Unusual GET/POST requests to admin-ajax.php carrying file path parameters from clients that present no WordPress session cookie
  • Bursts of such requests cycling through common targets (wp-config.php, /etc/passwd, files under other web roots), indicating file enumeration

SIEM Query:

source="web_access.log" uri="*/wp-admin/admin-ajax.php*" query="*action=uncode_admin_get_oembed*" (query="*../*" OR query="*%2e%2e*" OR query="*%2E%2E*")

Field names follow a generic Splunk-style schema and depend on your log parser; the traversal clause is a refinement, since the advisory does not name the file parameter, so match on the action name first and review what follows it.
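As an added example (not part of the advisory or any vendor tooling), here is a POSIX shell helper that triages an access log for the indicators above. It assumes Combined Log Format, keys on the action name and on traversal sequences rather than on a parameter name (the advisory does not name the file parameter; the constructed sample uses file= only as a placeholder), URL-decodes the request target so encoded traversal is visible, and tags matching lines TRAVERSAL or HIT. The sample log lines are constructed, not captured traffic; the POST on the third line carries its parameters in the body and is therefore invisible here, which is exactly the gap the prose above warns about.

```shell
#!/bin/sh
# Access-log triage for CVE-2024-13681 (added example; not from the advisory or the vendor).
# Assumptions: Combined Log Format; the action name travels in the query string
# (a POST body never reaches the access log, so body-based requests show up only
# as bare admin-ajax.php hits and need WAF or application logs). The advisory does
# not name the file parameter, so matching keys on the action name and on
# traversal sequences; "file=" in the sample below is a placeholder.

# Write a constructed sample log (not real traffic) to the file named in $1:
# one encoded-traversal request, one absolute-path request, one POST whose
# parameters are invisible here, and one benign heartbeat call.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.5 - - [03/Feb/2025:10:14:01 +0000] "GET /wp-admin/admin-ajax.php?action=uncode_admin_get_oembed&file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3127 "-" "curl/8.4.0"
203.0.113.5 - - [03/Feb/2025:10:14:03 +0000] "GET /wp-admin/admin-ajax.php?action=uncode_admin_get_oembed&file=%2Fetc%2Fpasswd HTTP/1.1" 200 2048 "-" "curl/8.4.0"
198.51.100.7 - - [03/Feb/2025:10:15:22 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 71 "https://example.test/wp-admin/" "Mozilla/5.0"
198.51.100.7 - - [03/Feb/2025:10:15:40 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 33 "-" "Mozilla/5.0"
EOF
}

# Print one line per request to the Uncode oEmbed action, with the request
# target URL-decoded. Exit 0 if anything matched, 1 otherwise.
flag_uncode_oembed_requests() {
    awk '
        # Value 0-15 of a single hex digit.
        function hexval(c) { return index("0123456789abcdef", tolower(c)) - 1 }
        # Decode %XX escapes without gawk-only strtonum, so mawk/busybox work too.
        function urldecode(s,   out, p, h) {
            out = ""
            while ((p = index(s, "%")) > 0) {
                h = substr(s, p + 1, 2)
                if (h ~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) {
                    out = out substr(s, 1, p - 1) sprintf("%c", hexval(substr(h, 1, 1)) * 16 + hexval(substr(h, 2, 1)))
                    s = substr(s, p + 3)
                } else {
                    out = out substr(s, 1, p)
                    s = substr(s, p + 1)
                }
            }
            return out s
        }
        {
            # Combined Log Format: $1 client, $6 "METHOD, $7 request target, $9 status.
            target = urldecode($7)
            if (target ~ /admin-ajax\.php/ && tolower(target) ~ /action=uncode_admin_get_oembed/) {
                tag = (target ~ /\.\.\//) ? "TRAVERSAL" : "HIT"
                printf "%s client=%s method=%s status=%s target=%s\n", tag, $1, substr($6, 2), $9, target
                n++
            }
        }
        END { exit (n > 0) ? 0 : 1 }
    ' "$1"
}

# Stand-alone run against the constructed sample; point the function at a real log the same way.
demo_log=$(mktemp)
write_sample_log "$demo_log"
flag_uncode_oembed_requests "$demo_log" || echo "no matching requests"
rm -f "$demo_log"
```

Treat any TRAVERSAL line as an exploitation attempt and any HIT from a client with no session as suspicious; a 200 status with a response size in the low kilobytes on a wp-config.php target is the signature of a successful read. Double-encoded traversal (%252e) decodes to %2e after one pass, so run the decoder twice if your front-end proxy also decodes once.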
