WordPress Soledad Theme <= 8.4.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-49827

7.1HIGH

Key Information:

Summary

A reflected XSS vulnerability in the PenciDesign Soledad WordPress Theme allows attackers to inject malicious scripts into web pages. This can be exploited when user input is not properly neutralized during page generation, potentially enabling unauthorized actions or data theft from users visiting the impacted site. The vulnerability affects all versions of the Soledad theme up to 8.4.1.

Affected Version(s)

Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme <= 8.4.1

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)
.