CVE-2024-13691

6.5 MEDIUM

📋 TL;DR

The Uncode WordPress theme has a vulnerability that allows authenticated attackers with a Subscriber-level account or higher to read arbitrary files that the web server process can access. It is caused by insufficient input validation in the theme's 'uncode_recordMedia' function. All WordPress sites running Uncode versions up to and including 2.9.1.6 are affected.

💻 Affected Systems

Products:
  • Uncode WordPress Theme
Versions: All versions up to and including 2.9.1.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with Uncode theme installed. Attackers need at least Subscriber-level authenticated access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker reads wp-config.php (database credentials plus the authentication keys and salts), SSH keys or other configuration files readable by the web server user, and uses them to reach the database or the host, which can end in full site compromise.

🟠 Likely Case

Attackers read configuration files to steal database credentials, then use them to escalate privileges or pull sensitive user data.

🟢 If Mitigated

With self-registration closed and the action blocked or gated in front of the theme, the file read is reachable only from accounts you already issued. If a read does happen, rotating the secrets in wp-config.php (database password, authentication keys and salts) removes most of the follow-on value of the disclosure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a logged-in account, but any Subscriber-level account is enough, and sites with open registration hand those out on request. Once logged in, the attack is a single POST to admin-ajax.php.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.1.7 or later

Vendor Advisory: https://support.undsgn.com/hc/en-us/articles/213454129-Change-Log

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check for Uncode theme updates.
4. Update to version 2.9.1.7 or later.
5. Clear any caching plugin and CDN caches.

🔧 Temporary Workarounds

Restrict user registration

Applies to: all

Disable new user registration so attackers cannot self-provision Subscriber accounts: Settings > General > Membership ("Anyone can register"), or check with `wp option get users_can_register` (0 means closed). Existing low-privilege accounts can still exploit the bug, so this narrows exposure rather than removing it.

Remove vulnerable function

Applies to: all

Temporarily disable or remove the uncode_recordMedia function from the theme files. Edits made directly to theme files are lost on the next theme update and will break any theme feature that calls the function, so treat this as a stopgap. A cleaner alternative is a must-use plugin that hooks `wp_ajax_uncode_recordMedia` (the hook WordPress dispatches that admin-ajax action through) at a lower priority number than the theme's own handler (10 if the theme uses the default) and ends the request for non-administrators; it survives theme updates and is trivially removed once 2.9.1.7 is installed.

🧯 If You Can't Patch

  • Keep self-registration closed, review existing Subscriber accounts, and alert on admin-ajax.php calls carrying action=uncode_recordMedia (see Detection & Monitoring below)
  • Add a WAF rule that matches the uncode_recordMedia action parameter rather than admin-ajax.php as a whole: that endpoint serves most plugin and theme AJAX traffic, so blocking it outright breaks the site. Inspect the POST body as well as the query string, since the action may be sent in either.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes > Uncode theme details for version number

Check Version:

wp theme list --fields=name,version --format=csv | grep -i uncode

Verify Fix Applied:

Confirm the Uncode theme version is 2.9.1.7 or higher in WordPress admin. If the site runs a child theme of Uncode, the parent theme is what carries the fix: check the parent's version, not the child's.
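The version check above, as an added example (not part of this advisory or of the Uncode theme) that works either from the CSV printed by `wp theme list --fields=name,version --format=csv` or from a theme's style.css header, which is where WordPress stores the theme version. The theme slug `uncode` and both sample inputs are assumptions/constructed; confirm the slug with `wp theme list` on your own site.

```python
"""
Version check for CVE-2024-13691 (Uncode <= 2.9.1.6).

Added example; it is not part of this advisory or of the Uncode theme. It reads either
the CSV printed by `wp theme list --fields=name,version --format=csv` or the header of a
theme's style.css (WordPress stores the theme version there) and compares against
2.9.1.7, the first fixed release. The two sample inputs are constructed.
"""
import csv
import io
import re

FIXED_VERSION = "2.9.1.7"  # first patched release named in the advisory
THEME_SLUG = "uncode"      # directory name WP-CLI reports; assumed, check with `wp theme list`

# Constructed sample of `wp theme list --fields=name,version --format=csv`.
SAMPLE_WP_CLI_CSV = """name,version
twentytwentyfour,1.1
uncode,2.9.1.6
uncode-child,1.0.0
"""

# Constructed sample of the header WordPress reads from a theme's style.css.
SAMPLE_STYLE_CSS = """/*
Theme Name: Uncode
Version: 2.9.1.6
*/
body { margin: 0; }
"""


def parse_version(text):
    """'2.9.1.6' -> (2, 9, 1, 6): integer tuples compare numerically, so 2.10 > 2.9."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version):
    """True for anything below 2.9.1.7. A truncated '2.9.1' compares as (2, 9, 1) <
    (2, 9, 1, 7), so it is still reported as unpatched rather than silently passed."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def uncode_version_from_wp_cli(csv_text):
    """Return the Uncode version from WP-CLI CSV output, or None if not installed.
    The match is exact so a child theme row ('uncode-child') is not mistaken for it."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("name") or "").strip().lower() == THEME_SLUG:
            return (row.get("version") or "").strip()
    return None


def uncode_version_from_style_css(style_css):
    """Pull 'Version:' from the style.css header, but only when 'Theme Name:' is Uncode,
    so a child theme's style.css (own version, parent named via 'Template:') is not misread."""
    header = style_css.split("*/", 1)[0]
    if not re.search(r"^\s*\*?\s*Theme Name:\s*Uncode\s*$", header, re.MULTILINE | re.IGNORECASE):
        return None
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header, re.MULTILINE)
    return m.group(1) if m else None


def status(version):
    """'not installed' / 'vulnerable' / 'patched', for a one-line report per site."""
    if version is None:
        return "not installed"
    return "vulnerable" if is_vulnerable(version) else "patched"


if __name__ == "__main__":
    for label, ver in (("wp-cli", uncode_version_from_wp_cli(SAMPLE_WP_CLI_CSV)),
                       ("style.css", uncode_version_from_style_css(SAMPLE_STYLE_CSS))):
        print(f"{label}: Uncode {ver} -> {status(ver)}")
```

The style.css path matters for fleets: it lets you grade backups or read-only mirrors without a working WP-CLI, and the Theme Name check keeps a child theme's own version number from masking an unpatched parent.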

📡 Detection & Monitoring

Log Indicators:

  • Unusual file read activity tied to a low-privilege authenticated user
  • admin-ajax.php requests with action=uncode_recordMedia whose other parameters carry a file path (traversal sequences such as ../, absolute paths, or names like wp-config.php)

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php with action=uncode_recordMedia. The action may travel in the query string or in the POST body; standard access logs record only the former, so body-borne parameters need a WAF or application-level log.

SIEM Query:

source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND post_data CONTAINS "uncode_recordMedia" AND post_data CONTAINS "file="
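The detection logic above and the WAF workaround from "If You Can't Patch", as one added example (not part of this advisory): it parses combined-format access log lines, flags admin-ajax.php calls whose action is uncode_recordMedia, rates them by whether any other parameter looks like a file path (after undoing double percent-encoding), and exposes the same match as a block decision. The parameter name `file` in the sample lines follows the SIEM query above; the detector does not depend on it. All log lines and the form-encoded body are constructed.

```python
"""
Detection and WAF-style blocking for CVE-2024-13691 admin-ajax traffic.

Added example; it is not part of this advisory. It parses Apache/nginx combined-format
access log lines, flags admin-ajax.php requests whose action is uncode_recordMedia, and
rates them by whether any other parameter carries a path-like value. The same match
drives should_block(), the decision a WAF would take until the theme is patched.
All sample log lines are constructed.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

ACTION = "uncode_recordMedia"
AJAX_PATH = "/wp-admin/admin-ajax.php"

# Values that look like a file path or stream wrapper, checked after decoding twice.
PATH_MARKERS = re.compile(r"(\.\./|\.\.\\|^/|^[a-z]:\\|wp-config\.php|php://|file://)", re.I)

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size "ref" "ua"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample. Line 2 is double-encoded; line 4 carries its action in the POST
# body, which an access log does not record, so it is invisible here by design.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [14/Feb/2025:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=uncode_recordMedia&file=../../../wp-config.php HTTP/1.1" 200 1337 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Feb/2025:10:01:05 +0000] "POST /wp-admin/admin-ajax.php?action=uncode_recordMedia&file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.4 - - [14/Feb/2025:10:02:11 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 45 "-" "Mozilla/5.0"
198.51.100.4 - - [14/Feb/2025:10:02:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 120 "-" "Mozilla/5.0"
192.0.2.9 - - [14/Feb/2025:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "curl/8.0"
"""


def parse_combined(line):
    """Split one combined-format line into fields plus the decoded query parameters."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    target = urlsplit(rec["target"])
    rec["path"] = target.path
    rec["params"] = parse_qs(target.query, keep_blank_values=True)
    return rec


def params_from_body(body):
    """Decode a form-encoded POST body, e.g. taken from a WAF or ModSecurity audit log."""
    return parse_qs(body, keep_blank_values=True)


def is_recordmedia(path, params):
    """The request hits admin-ajax.php and names the vulnerable action."""
    return path.endswith(AJAX_PATH) and ACTION in params.get("action", [])


def path_like_values(params):
    """(name, decoded value) for every non-action parameter that looks like a path."""
    hits = []
    for name, values in params.items():
        if name == "action":
            continue
        for value in values:
            decoded = unquote(unquote(value))  # parse_qs decoded once; undo double encoding
            if PATH_MARKERS.search(decoded):
                hits.append((name, decoded))
    return hits


def should_block(path, params):
    """WAF decision: drop every uncode_recordMedia call, leave other admin-ajax actions alone."""
    return is_recordmedia(path, params)


def alert_level(path, params):
    """'high' when a path-like argument is visible, 'medium' for any other recordMedia
    call (the file argument may sit in a body the access log did not record), else None."""
    if not is_recordmedia(path, params):
        return None
    return "high" if path_like_values(params) else "medium"


def scan_access_log(lines):
    """Return one alert dict per matching line; unparsable lines are skipped."""
    alerts = []
    for line in lines:
        rec = parse_combined(line)
        if rec is None:
            continue
        level = alert_level(rec["path"], rec["params"])
        if level:
            alerts.append({"ip": rec["ip"], "ts": rec["ts"], "level": level,
                           "hits": path_like_values(rec["params"])})
    return alerts


def top_sources(alerts):
    """Alerts per client IP; one account walking the filesystem stands out quickly."""
    return Counter(a["ip"] for a in alerts)


if __name__ == "__main__":
    found = scan_access_log(SAMPLE_ACCESS_LOG.splitlines())
    for a in found:
        print(f'{a["ts"]} {a["ip"]} {a["level"]} {a["hits"]}')
    print(dict(top_sources(found)))
```

Run it against a real access log by replacing the constructed sample; for the POST-body case feed the body from your WAF or audit log through params_from_body() and the same alert_level()/should_block() calls apply. The block rule keys on the action, not on admin-ajax.php, so heartbeat and other plugin traffic keeps working.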

🔗 References
