Undsgn — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting Undsgn. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Undsgn develops web-based design and collaboration tools primarily used by creative professionals. Historically, vulnerabilities have included stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from insufficient input validation and access control issues. The company has addressed multiple security incidents, including a 2021 XSS vulnerability affecting multiple products that allowed attacker-controlled script execution in user browsers. While no major data breaches have been publicly reported, the consistent pattern of input validation and access control issues suggests a need for enhanced security-by-design practices in their development lifecycle.

Top products by Undsgn: Uncode Core Uncode Uncode - Creative & WooCommerce WordPress Theme

CVEs 9

CVE ID	Title	CVSS	Severity	Published
CVE-2025-48107	WordPress Uncode theme < 2.9.4.4 - Reflected Cross Site Scripting (XSS) vulnerability — UncodeCWE-79	7.1	High	2025-09-26
CVE-2025-6944	Uncode Core <= 2.9.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes — Uncode CoreCWE-79	6.4	Medium	2025-07-04
CVE-2024-13689	Uncode Core <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias — Uncode CoreCWE-94	6.3	Medium	2025-02-18
CVE-2024-13691	Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary File Read in uncode_recordMedia — UncodeCWE-20	6.5	Medium	2025-02-18
CVE-2024-13667	Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via mle-description — UncodeCWE-79	5.4	Medium	2025-02-18
CVE-2024-13681	Uncode <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed — UncodeCWE-20	7.5	High	2025-02-18
CVE-2023-51500	WordPress Uncode Core plugin <= 2.8.8 - Arbitrary File Deletion vulnerability — Uncode CoreCWE-862	7.7	High	2024-04-17
CVE-2023-51515	WordPress Uncode Core plugin <= 2.8.8 - Privilege Escalation vulnerability — Uncode CoreCWE-862	8.8	High	2024-04-12
CVE-2023-51501	WordPress Uncode Core Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS) — Uncode - Creative & WooCommerce WordPress ThemeCWE-79	7.1	High	2023-12-28

This page lists every published CVE security advisory associated with Undsgn. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Undsgn — Vulnerabilities & Security Advisories 9