CVE-2026-27069 WordPress Soledad theme <= 8.7.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through = 8.7.2...

CVE-2025-64188

CVE-2025-64188 affects the WordPress plugin/theme PenciDesign Soledad (versions n/a–8.6.9). Root cause: incorrect privilege assignment that enables privilege escalation. Impact: subscribers can potentially take over WordPress sites. Remediation: update Soledad to a version later than 8.6.9 (per P...

CVE-2025-68066 WordPress Soledad theme <= 8.7.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue affects Soledad: from n/a through = 8.7.0...

WordPress Soledad theme <= 8.7.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Soledad versions = 8.7.0...

WordPress Soledad theme <= 8.6.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Theme Soledad versions = 8.6.9...

CVE-2025-59588

CVE-2025-59588 describes an authenticated Local File Inclusion in the Soledad WordPress theme (Soledad

CVE-2025-59589 WordPress Soledad Theme <= 8.6.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through = 8.6.8...

WordPress Soledad theme <= 8.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'pcsml_smartlists_h' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'pcsmlsmartlistsh' vulnerability discovered by stealthcopter in WordPress Theme Soledad versions = 8.6.7...

WordPress Soledad Theme <= 8.6.7 is vulnerable to Cross Site Scripting (XSS)

Software Soledad Type Theme Vulnerable versions = 8.6.7 Fixed in 8.6.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-8143 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2b64551fa293 Credits stealthcopter Required privilege...

WordPress plugin Soledad 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

CVE-2024-31369 WordPress Soledad theme <= 8.4.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2...

WordPress Soledad Theme <= 8.4.5 is vulnerable to Broken Access Control

Software Soledad Type Theme Vulnerable versions = 8.4.5 Fixed in 8.4.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31367 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e4cc84a70d34 Credits Rafie Muhammad Patchstack Required...

WordPress Soledad Theme <= 8.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Soledad Type Theme Vulnerable versions = 8.4.5 Fixed in 8.4.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31369 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID ccaa49033795 Credits Rafie Muhammad Patchstack...

CVE-2023-49826 WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1...

WordPress Soledad Theme <= 8.4.1 is vulnerable to SQL Injection

Software Soledad Type Theme Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49825 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID a78a84399460 Credits Rafie Muhammad Patchstack Required privilege...

WordPress Soledad Theme <= 8.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Soledad Type Theme Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49827 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4415c6f5a085 Credits Rafie Muhammad Patchstack Required...

WordPress theme Soledad premium 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress theme soledad 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress theme is a theme for WordPress. cross-site scripting vulnerability exists in versions prior to WordPress soledad 8.2.5, which stems from its failure to clear a certain parameter, an...