← Back

Pencidesign

pencidesign

8 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Soledad
soledad
8 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-31369
1Pencidesign
1Soledad
Jun 17, 2026
Apr 9, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
CVE-2024-31368
1Pencidesign
1Soledad
Jun 17, 2026
Apr 9, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
CVE-2024-31367
1Pencidesign
1Soledad
Jun 17, 2026
Apr 9, 2024
N/A· v4
7.1 HIGH· v3
N/A· v2
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
CVE-2023-49826
1Pencidesign
1Soledad
Jun 17, 2026
Dec 21, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Them...Show more
Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.Show less
CVE-2023-49825
1Pencidesign
1Soledad
Jun 17, 2026
Dec 20, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipu...Show more
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.Show less
CVE-2023-49827
1Pencidesign
1Soledad
Jun 17, 2026
Dec 14, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS.This issue affe...Show more
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.Show less
CVE-2022-41788
1Pencidesign
1Soledad
Jun 17, 2026
Nov 18, 2022
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress.
CVE-2022-3209
1Pencidesign
1Soledad
Jun 17, 2026
Oct 10, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.