Local File Inclusion Flaw in PenciDesign Soledad Theme
CVE-2025-68066

Currently unrated

Key Information:

Vendor

WordPress
Status
Soledad
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68066?

The PenciDesign Soledad theme is prone to a local file inclusion vulnerability that could allow an attacker to manipulate file inclusions via improperly controlled filename parameters. This security flaw primarily affects versions of the theme up to 8.7.0, enabling unauthorized access to sensitive files on the server, which can lead to further exploitation. Users are advised to update to patched versions and implement security best practices to safeguard their websites.

Affected Version(s)

Soledad <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/soled...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68066 : Local File Inclusion Flaw in PenciDesign Soledad Theme