8 matches found
CVE-2023-49825
CVE-2023-49825 concerns an SQL Injection in the Soledad WordPress Theme (Soledad – Multipurpose, Newspaper, Blog & WooCommerce) by PenciDesign. Affected versions are 8.4.1 and earlier (described as n/a to 8.4.1). Root cause: improper neutralization/escaping of input elements used in SQL queries. ...
CVE-2023-49826
CVE-2023-49826 corresponds to a deserialization of untrusted data vulnerability in the Soledad WordPress theme (versions up to 8.4.1). Root cause: PHP Object Injection via untrusted data deserialization. Impact: unauthenticated remote code execution/total compromise potential on affected sites. A...
CVE-2023-49827
CVE-2023-49827 affects the Soledad WordPress theme (multipurpose/Soledad) up to version 8.4.1, enabling Reflected XSS due to improper input handling in web page generation. The Red Hat and Patchstack entries corroborate the vulnerability and list 8.4.2 as the fixed version. Recommended remediatio...
CVE-2022-3209
CVE-2022-3209 affects the Soledad WordPress theme prior to 8.2.5. The issue arises in the penci_more_slist_post_ajax AJAX action where parameters such as id and datafilter[type] are not sanitized, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability is documented acros...
CVE-2024-31367
Technical details for CVE-2024-31367 are not provided in the supplied documents. Current records only note a missing authorization vulnerability affecting PenciDesign Soledad up to version 8.4.2; monitor for official updates, patches, and affected releases.
CVE-2024-31368
CVE-2024-31368 is a Missing Authorization vulnerability in the PenciDesign Soledad WordPress theme, affecting Soledad builds up to 8.4.2 (and noted as affected from n/a to 8.4.2 in the initial document). Connected sources confirm this is a real issue with the Soledad theme, and Red Hat/Wordfence ...
CVE-2022-41788
The CVE-2022-41788 issue affects the Soledad premium theme for WordPress (versions ≤ 8.2.5). It is an authenticated XSS vulnerability exploitable by users with subscriber-level access or higher, caused by insufficient sanitisation/escaping of a parameter. A fix is available: upgrade the Soledad t...
CVE-2024-31369
The CVE-2024-31369 entry describes a CSRF vulnerability in the PenciDesign Soledad WordPress theme, affecting Soledad versions from n/a up to 8.4.2. The provided metrics (CVSS 3.1) indicate a base score of 5.4 (Medium) with impact on integrity/availability at LOW, confidentiality not impacted, in...