cpe:2.3:a:pencidesign:soledad:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Pencidesign (014d8474-b95d-55a1-bf73-aaaad687f842) |
|---|---|
| Product | Soledad (0a7280af-ddcc-5b01-b452-df2b8bd4b7b0) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-27069 | vulnerable | 2026-06-03 15:18:05.964666 | WordPress Soledad theme <= 8.7.2 - Cross Site Scripting (XSS) vulnerability<br>MEDIUM (6.5)<br>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS. This issue affects Soledad: from n/a through <= 8.7.2.<br>Published: 2026-02-19T08:27:11.180Z<br>Updated: 2026-04-28T16:15:00.799Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-8143 | vulnerable | 2026-06-03 15:13:42.988520 | Soledad <= 8.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'pcsml_smartlists_h'<br>MEDIUM (6.4)<br>The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsml_smartlists_h’ parameter in all versions up to, and including, 8.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.<br>Published: 2025-08-16T11:11:24.852Z<br>Updated: 2026-04-08T17:30:36.692Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-8142 | vulnerable | 2026-06-03 15:13:42.988150 | Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout'<br>HIGH (8.8)<br>The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.<br>Published: 2025-08-16T11:11:23.436Z<br>Updated: 2026-04-08T17:02:59.114Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-8105 | vulnerable | 2026-06-03 15:13:42.739509 | Soledad <= 8.6.7 - Unauthenticated Arbitrary Shortcode Execution<br>HIGH (7.3)<br>The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.<br>Published: 2025-08-16T11:11:24.459Z<br>Updated: 2026-04-08T17:13:34.024Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-68066 | vulnerable | 2026-06-03 15:11:02.806436 | WordPress Soledad theme <= 8.7.0 - Local File Inclusion vulnerability<br>HIGH (7.5)<br>Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion. This issue affects Soledad: from n/a through <= 8.7.0.<br>Published: 2025-12-16T08:13:01.813Z<br>Updated: 2026-04-28T19:57:34.791Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-64188 | vulnerable | 2026-06-03 15:09:37.451643 | WordPress Soledad theme <= 8.6.9 - Privilege Escalation vulnerability<br>CRITICAL (9.8)<br>Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation. This issue affects Soledad: from n/a through <= 8.6.9.<br>Published: 2025-12-18T07:22:10.139Z<br>Updated: 2026-04-28T18:22:37.818Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-59589 | vulnerable | 2026-06-03 15:06:25.507828 | WordPress Soledad Theme <= 8.6.8 - Cross Site Scripting (XSS) Vulnerability<br>MEDIUM (6.5)<br>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS. This issue affects Soledad: from n/a through <= 8.6.8.<br>Published: 2025-09-22T18:25:47.876Z<br>Updated: 2026-05-12T01:04:40.552Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-59588 | vulnerable | 2026-06-03 15:06:25.507384 | WordPress Soledad Theme <= 8.6.8 - Local File Inclusion Vulnerability<br>HIGH (7.5)<br>Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion. This issue affects Soledad: from n/a through <= 8.6.8.<br>Published: 2025-09-22T18:25:48.562Z<br>Updated: 2026-04-28T16:13:53.031Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-31369 | vulnerable | 2026-06-03 14:55:39.525303 | WordPress Soledad theme <= 8.4.2 - Cross Site Request Forgery (CSRF) vulnerability<br>MEDIUM (5.4)<br>Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.<br>Published: 2024-04-09T08:28:00.839Z<br>Updated: 2026-04-28T16:09:31.683Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-31368 | vulnerable | 2026-06-03 14:55:39.524993 | WordPress Soledad theme <= 8.4.2 - Unauthenticated Broken Access Control vulnerability<br>MEDIUM (6.5)<br>Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.<br>Published: 2024-04-09T08:21:06.542Z<br>Updated: 2026-04-28T16:09:31.709Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-31367 | vulnerable | 2026-06-03 14:55:39.523191 | WordPress Soledad theme <= 8.4.2 - Authenticated Broken Access Control vulnerability<br>HIGH (7.1)<br>Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2.<br>Published: 2024-04-09T08:15:53.091Z<br>Updated: 2026-04-28T16:09:31.666Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-11289 | vulnerable | 2026-06-03 14:54:13.833006 | Soledad <= 8.5.9 - Unauthenticated Limited Local File Inclusion<br>HIGH (8.1)<br>The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. The exploitability of this is limited to Windows.<br>Published: 2024-12-06T09:22:59.584Z<br>Updated: 2026-04-08T17:09:26.985Z | Imported from gcve-enriched-dumps CVE data |