Uncode — Vulnerabilities & Security Advisories 4

All 4 CVE vulnerabilities found in Uncode, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-48107	WordPress Uncode theme < 2.9.4.4 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79	7.1	High	2025-09-26
CVE-2024-13691	Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary File Read in uncode_recordMedia CWE-20	6.5	Medium	2025-02-18
CVE-2024-13667	Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via mle-description CWE-79	5.4	Medium	2025-02-18
CVE-2024-13681	Uncode <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed CWE-20	7.5	High	2025-02-18

All 4 known CVE vulnerabilities affecting Uncode with full Chinese analysis, references, and POCs where available.