CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31367 – WordPress Soledad theme <= 8.4.2 - Authenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31367
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. The Soledad theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 8.4.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/soledad/wordpress-soledad-theme-8-4-2-authenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31368 – WordPress Soledad theme <= 8.4.2 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31368
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. The Soledad theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 8.4.5. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/soledad/wordpress-soledad-theme-8-4-2-unauthenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31369 – WordPress Soledad theme <= 8.4.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31369
Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. The Soledad theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/soledad/wordpress-soledad-theme-8-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42479 – Soledad <= 8.2.5 - Missing Authorization
https://notcve.org/view.php?id=CVE-2022-42479
The Soledad plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on one of its functions in versions up to, and including, 8.2.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function that was not intended for their use. • CWE-862: Missing Authorization •