Pencidesign Soledad

17 CVEs affecting Pencidesign Soledad. Latest disclosed: 2026-02-19. Critical: 1, High: 9.

Top CVEs affecting Pencidesign Soledad
CVESeverityScorePublishedSummary
CVE-2025-64188Critical9.82025-12-18Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through <= 8.6.9.
CVE-2025-8142High8.82025-08-16The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes…
CVE-2023-49825High8.52023-12-20Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & Woo…
CVE-2024-11289High8.12024-12-06The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more…
CVE-2023-49826High8.12023-12-21Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad…
CVE-2025-68066High7.52025-12-16Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP…
CVE-2025-59588High7.52025-09-22Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP…
CVE-2025-8105High7.32025-08-16The The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software all…
CVE-2024-31367High7.12024-04-09Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
CVE-2023-49827High7.12023-12-14Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & Woo…
CVE-2026-27069Medium6.52026-02-19Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This iss…
CVE-2025-59589Medium6.52025-09-22Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This iss…
CVE-2024-31368Medium6.52024-04-09Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
CVE-2025-8143Medium6.42025-08-16The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsml_smartlists_h’ parameter in all versions up to, and including, 8.6.7…
CVE-2022-3209Medium6.12022-10-10The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a…
CVE-2024-31369Medium5.42024-04-09Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
CVE-2022-41788Medium5.42022-11-18Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress.