Pencidesign Soledad
17 CVEs affecting Pencidesign Soledad. Latest disclosed: 2026-02-19. Critical: 1, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-64188 | Critical | 9.8 | 2025-12-18 | Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation. This issue affects Soledad: from n/a through <= 8.6.9. |
| CVE-2025-8142 | High | 8.8 | 2025-08-16 | The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes… |
| CVE-2023-49825 | High | 8.5 | 2023-12-20 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & Woo… |
| CVE-2024-11289 | High | 8.1 | 2024-12-06 | The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more… |
| CVE-2023-49826 | High | 8.1 | 2023-12-21 | Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad… |
| CVE-2025-68066 | High | 7.5 | 2025-12-16 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP… |
| CVE-2025-59588 | High | 7.5 | 2025-09-22 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP… |
| CVE-2025-8105 | High | 7.3 | 2025-08-16 | The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software all… |
| CVE-2024-31367 | High | 7.1 | 2024-04-09 | Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. |
| CVE-2023-49827 | High | 7.1 | 2023-12-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & Woo… |
| CVE-2026-27069 | Medium | 6.5 | 2026-02-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS. This iss… |
| CVE-2025-59589 | Medium | 6.5 | 2025-09-22 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS. This iss… |
| CVE-2024-31368 | Medium | 6.5 | 2024-04-09 | Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. |
| CVE-2025-8143 | Medium | 6.4 | 2025-08-16 | The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsml_smartlists_h’ parameter in all versions up to, and including, 8.6.7… |
| CVE-2022-3209 | Medium | 6.1 | 2022-10-10 | The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a… |
| CVE-2024-31369 | Medium | 5.4 | 2024-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. |
| CVE-2022-41788 | Medium | 5.4 | 2022-11-18 | Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress. |