Primary

Context

Soledad WordPress Theme Unauthenticated Arbitrary Shortcode Execution Vulnerability

Vulnerability

Patched

A vulnerability allowing unauthenticated users to execute arbitrary shortcodes has been identified in the Soledad WordPress theme, affecting all versions through 8.6.7. The issue arises because the theme does not properly validate values before processing shortcodes, allowing for unauthorized shortcode execution.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of shortcodes, potentially allowing attackers to inject and execute malicious code or actions on the WordPress site.

Remediation

Users are advised to update the Soledad WordPress theme to version 8.6.8 or later, where this vulnerability has been patched.

Added: Aug 16, 2025, 12:21 PM

Updated: Aug 16, 2025, 12:21 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.3

exploitability

7.6

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.3

exploitability

7.6

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Soledad WordPress Theme Unauthenticated Arbitrary Shortcode Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

PenciDesign Soledad

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating