WordPress Soledad Theme <= 8.4.1 is vulnerable to SQL Injection
CVE-2023-49825

8.5HIGH

Key Information:

Vendor: Wordpress
Status: Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme
Vendor: CVE Published:; 20 December 2023

What is CVE-2023-49825?

An SQL Injection vulnerability in the PenciDesign Soledad WordPress theme allows attackers to manipulate SQL queries through unsanitized input. This can lead to unauthorized data access or modification. Versions affected include all those prior to 8.4.1, leaving sites using this theme at risk if not updated. Website owners are strongly advised to implement the latest patches to mitigate potential threats.

Affected Version(s)

Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme <= 8.4.1

References

https://patchstack.com/database/vulnerability/soledad/wor...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Nov 30, 2023

Credit

Rafie Muhammad (Patchstack)