12 matches found

added 2023/12/20 4:15 p.m. | 95 views

CVE-2023-49825

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.

CVSS 8.5 | AI score 8.4 | EPSS 0.00131

added 2023/12/21 1:15 p.m. | 86 views

CVE-2023-49826

Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.

CVSS 9.8 | AI score 8.9 | EPSS 0.00666

added 2023/12/14 3:15 p.m. | 60 views

CVE-2023-49827

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from...

CVSS 7.1 | AI score 6.7 | EPSS 0.00193

added 2022/10/10 9:15 p.m. | 54 views

CVE-2022-3209

The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.

CVSS 6.1 | AI score 5.9 | EPSS 0.00137

added 2024/12/06 10:15 a.m. | 49 views

CVE-2024-11289

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This makes it possible for unauthenticated attackers to ...

CVSS 8.1 | AI score 8.4 | EPSS 0.00456

added 2024/04/09 9:15 a.m. | 49 views

CVE-2024-31368

Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.

CVSS 6.5 | AI score 6.5 | EPSS 0.00139

added 2024/04/09 9:15 a.m. | 48 views

CVE-2024-31367

Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.

CVSS 7.1 | AI score 6.9 | EPSS 0.00342

added 2024/04/09 9:15 a.m. | 45 views

CVE-2024-31369

Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.

CVSS 5.4 | AI score 5.4 | EPSS 0.00163

added 2022/11/18 11:15 p.m. | 44 views

CVE-2022-41788

Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme

CVSS 5.4 | AI score 5.3 | EPSS 0.00137

added yesterday | 1 view

CVE-2025-8105

The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthentic...

CVSS 7.3 | AI score 7.3 | EPSS 0.00074

added yesterday | 1 view

CVE-2025-8142

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server...

CVSS 8.8 | AI score 7.3 | EPSS 0.00082

added yesterday | 1 view

CVE-2025-8143

The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsml_smartlists_h’ parameter in all versions up to, and including, 8.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

CVSS 6.4 | AI score 5.6 | EPSS 0.00027