WordPress Soledad Theme <= 8.4.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-49827
7.1HIGH
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 14 December 2023
Summary
A reflected XSS vulnerability in the PenciDesign Soledad WordPress Theme allows attackers to inject malicious scripts into web pages. This can be exploited when user input is not properly neutralized during page generation, potentially enabling unauthorized actions or data theft from users visiting the impacted site. The vulnerability affects all versions of the Soledad theme up to 8.4.1.
Affected Version(s)
Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme <= 8.4.1
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)