WordPress Plugin Vulnerabilities

Uncode Core < 2.8.9 - Privilege Escalation

Description

The Uncode Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.8.8. This makes it possible for subscribers to escalate their privileges to those of a higher level account.

Affects Plugins

Plugin icon
uncode-core
Fixed in 2.8.9

References

CVE
CVE-2023-51515
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/bb5e6767-d0a9-4ac4-816f-6fb57b1e5f9b

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
5358902f-eae3-41d2-9ce2-889208a01fa2

Timeline

Publicly Published
2023-12-21 (about 2 years ago)
Added
2024-01-05 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-08-14
Title
CodeablePress <= 1.0.0 - Missing Authorization
Published
2023-01-06
Title
ContentStudio < 1.2.6 - Unauthorised Function Calls
Published
2025-09-26
Title
Grand Conference Theme Custom Post Type < 2.6.4 - Missing Authorization
Published
2026-02-18
Title
Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches < 21.0.10 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update
Published
2026-01-16
Title
Element Invader – Template Kits for Elementor < 1.2.5 - Missing Authorization