cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11289,https://securityvulnerability.io/vulnerability/CVE-2024-11289,Unauthenticated Local File Inclusion Vulnerability in Soledad Theme Affects WordPress Versions Up to 8.5.9,"The Soledad theme for WordPress has a local file inclusion vulnerability that affects all versions up to and including 8.5.9. Several functions, such as penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func, are susceptible to exploitation by unauthenticated attackers. This vulnerability allows the inclusion and execution of PHP files on the server, potentially leading to the execution of arbitrary PHP code. Attackers can leverage this issue to bypass access controls, access sensitive information, or achieve code execution when PHP files are uploaded and included. This vulnerability primarily affects Windows environments.",Wordpress,Soledad,8.1,HIGH,0.000910000002477318,false,,false,false,false,,false,false,2024-12-06T09:22:59.584Z,0
CVE-2023-49826,https://securityvulnerability.io/vulnerability/CVE-2023-49826,WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection,"A deserialization of untrusted data vulnerability exists in the PenciDesign Soledad WordPress theme, impacting versions from n/a up to 8.4.1. This vulnerability could allow an attacker to exploit the theme’s functionality, leading to unauthorized execution of malicious code through PHP object injection. Users of the Soledad theme are advised to update to the latest version immediately to mitigate potential risks associated with this issue.",Wordpress,"Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme",8.1,HIGH,0.001129999989643693,false,,false,false,false,,false,false,2023-12-21T13:15:00.000Z,0
CVE-2023-49825,https://securityvulnerability.io/vulnerability/CVE-2023-49825,WordPress Soledad Theme <= 8.4.1 is vulnerable to SQL Injection,"An SQL Injection vulnerability in the PenciDesign Soledad WordPress theme allows attackers to manipulate SQL queries through unsanitized input. This can lead to unauthorized data access or modification. Versions affected include all those prior to 8.4.1, leaving sites using this theme at risk if not updated. Website owners are strongly advised to implement the latest patches to mitigate potential threats.",Wordpress,"Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme",8.5,HIGH,0.0006200000061653554,false,,false,false,false,,false,false,2023-12-20T16:15:00.000Z,0
CVE-2023-49827,https://securityvulnerability.io/vulnerability/CVE-2023-49827,WordPress Soledad Theme <= 8.4.1 is vulnerable to Cross Site Scripting (XSS),"A reflected XSS vulnerability in the PenciDesign Soledad WordPress Theme allows attackers to inject malicious scripts into web pages. This can be exploited when user input is not properly neutralized during page generation, potentially enabling unauthorized actions or data theft from users visiting the impacted site. The vulnerability affects all versions of the Soledad theme up to 8.4.1.",Wordpress,"Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme",7.1,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2023-12-14T15:15:00.000Z,0
CVE-2022-41788,https://securityvulnerability.io/vulnerability/CVE-2022-41788,WordPress Soledad premium theme <= 8.2.5 - Auth. Cross-Site Scripting (XSS) vulnerability,Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress.,Wordpress,Soledad (WordPress Theme),5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-11-18T23:15:00.000Z,0
CVE-2022-3209,https://securityvulnerability.io/vulnerability/CVE-2022-3209,Soledad < 8.2.5 - Reflected Cross-site Scripting,"The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.",Wordpress,Soledad,6.1,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2022-10-10T00:00:00.000Z,0