Pencidesign

Soledad

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-27069

  • EPSS 0.03%
  • Veröffentlicht 19.02.2026 08:27:11
  • Zuletzt bearbeitet 20.02.2026 15:20:30

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through <= 8.7.2.

9.8

CVE-2025-64188

  • EPSS 0.06%
  • Veröffentlicht 18.12.2025 07:22:10
  • Zuletzt bearbeitet 20.01.2026 15:18:40

Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through <= 8.6.9.

7.5

CVE-2025-68066

  • EPSS 0.17%
  • Veröffentlicht 16.12.2025 08:13:01
  • Zuletzt bearbeitet 20.01.2026 15:19:36

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue affects Soledad: from n/a through <= 8.7.0.

6.5

CVE-2025-59589

  • EPSS 0.03%
  • Veröffentlicht 22.09.2025 19:16:27
  • Zuletzt bearbeitet 22.09.2025 21:22:16

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad allows DOM-Based XSS. This issue affects Soledad: from n/a through 8.6.8.

7.5

CVE-2025-59588

  • EPSS 0.11%
  • Veröffentlicht 22.09.2025 19:16:27
  • Zuletzt bearbeitet 22.09.2025 21:22:16

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad allows PHP Local File Inclusion. This issue affects Soledad: from n/a through 8.6.8.

6.4

CVE-2025-8143

  • EPSS 0.03%
  • Veröffentlicht 16.08.2025 11:11:24
  • Zuletzt bearbeitet 18.08.2025 20:16:28

The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsml_smartlists_h’ parameter in all versions up to, and including, 8.6.7 due to insufficient input sanitization and output escaping. This makes it possible for aut...

7.3

CVE-2025-8105

  • EPSS 0.29%
  • Veröffentlicht 16.08.2025 11:11:24
  • Zuletzt bearbeitet 18.08.2025 20:16:28

The The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_...

8.8

CVE-2025-8142

  • EPSS 0.1%
  • Veröffentlicht 16.08.2025 11:11:23
  • Zuletzt bearbeitet 18.08.2025 20:16:28

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inclu...

8.1

CVE-2024-11289

  • EPSS 0.38%
  • Veröffentlicht 06.12.2024 10:15:05
  • Zuletzt bearbeitet 06.12.2024 10:15:05

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This ma...

5.4

CVE-2024-31369

  • EPSS 0.16%
  • Veröffentlicht 09.04.2024 09:15:25
  • Zuletzt bearbeitet 02.07.2025 14:14:25

Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.