Lucene search
+L
PencidesignSoledad

8 matches found

CVE
CVE
added 2023/12/20 3:38 p.m.117 views

CVE-2023-49825

CVE-2023-49825 concerns an SQL Injection in the Soledad WordPress Theme (Soledad – Multipurpose, Newspaper, Blog & WooCommerce) by PenciDesign. Affected versions are 8.4.1 and earlier (described as n/a to 8.4.1). Root cause: improper neutralization/escaping of input elements used in SQL queries. ...

8.5CVSS8.6AI score0.00528EPSS
CVE
CVE
added 2023/12/21 12:34 p.m.104 views

CVE-2023-49826

CVE-2023-49826 corresponds to a deserialization of untrusted data vulnerability in the Soledad WordPress theme (versions up to 8.4.1). Root cause: PHP Object Injection via untrusted data deserialization. Impact: unauthenticated remote code execution/total compromise potential on affected sites. A...

9.8CVSS8.6AI score0.00567EPSS
CVE
CVE
added 2023/12/14 2:32 p.m.77 views

CVE-2023-49827

CVE-2023-49827 affects the Soledad WordPress theme (multipurpose/Soledad) up to version 8.4.1, enabling Reflected XSS due to improper input handling in web page generation. The Red Hat and Patchstack entries corroborate the vulnerability and list 8.4.2 as the fixed version. Recommended remediatio...

7.1CVSS7.1AI score0.00393EPSS
CVE
CVE
added 2022/10/10 12:0 a.m.67 views

CVE-2022-3209

CVE-2022-3209 affects the Soledad WordPress theme prior to 8.2.5. The issue arises in the penci_more_slist_post_ajax AJAX action where parameters such as id and datafilter[type] are not sanitized, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability is documented acros...

6.1CVSS5.9AI score0.00486EPSS
Web
CVE
CVE
added 2024/04/09 8:15 a.m.65 views

CVE-2024-31367

Technical details for CVE-2024-31367 are not provided in the supplied documents. Current records only note a missing authorization vulnerability affecting PenciDesign Soledad up to version 8.4.2; monitor for official updates, patches, and affected releases.

7.1CVSS5.1AI score0.00428EPSS
CVE
CVE
added 2024/04/09 8:21 a.m.65 views

CVE-2024-31368

CVE-2024-31368 is a Missing Authorization vulnerability in the PenciDesign Soledad WordPress theme, affecting Soledad builds up to 8.4.2 (and noted as affected from n/a to 8.4.2 in the initial document). Connected sources confirm this is a real issue with the Soledad theme, and Red Hat/Wordfence ...

6.5CVSS5.1AI score0.00437EPSS
CVE
CVE
added 2022/11/18 10:9 p.m.61 views

CVE-2022-41788

The CVE-2022-41788 issue affects the Soledad premium theme for WordPress (versions ≤ 8.2.5). It is an authenticated XSS vulnerability exploitable by users with subscriber-level access or higher, caused by insufficient sanitisation/escaping of a parameter. A fix is available: upgrade the Soledad t...

5.4CVSS5.3AI score0.00397EPSS
CVE
CVE
added 2024/04/09 8:28 a.m.61 views

CVE-2024-31369

The CVE-2024-31369 entry describes a CSRF vulnerability in the PenciDesign Soledad WordPress theme, affecting Soledad versions from n/a up to 8.4.2. The provided metrics (CVSS 3.1) indicate a base score of 5.4 (Medium) with impact on integrity/availability at LOW, confidentiality not impacted, in...

5.4CVSS5.1AI score0.00221EPSS