Themes Vulnerabilities

Soledad < 8.2.6 - Subscriber+ Cross-Site Scripting

Description

The plugin does not sanitise and escape a parameter, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks

Affects Themes

soledad
Fixed in 8.2.6

References

CVE
CVE-2022-41788

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
fd0e7294-df5f-4ee8-be61-0b8c6364912d

Timeline

Publicly Published
2022-10-30 (about 3 years ago)
Added
2022-11-20 (about 3 years ago)
Last Updated
2022-11-20 (about 3 years ago)

Other

Published
Title
Published
2024-08-19
Title
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads
Published
2026-02-26
Title
Simple Download Monitor < 4.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
Published
2024-07-10
Title
Sky Addons for Elementor < 2.5.8 - Contributor+ Stored XSS
Published
2024-05-14
Title
FS Product Inquiry <= 1.1.1 - Reflected XSS
Published
2014-08-01
Title
Traffic Analyzer 3.3.2 - js/ta_loaded.js.php aoid Parameter XSS