CVE-2022-3209

Name
CVE-2022-3209
Description
The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
NVD Severity
medium

References

Type | URI
MISC | https://wpscan.com/vulnerability/7a244fb1-fa0b-4294-9b51-588bf5d673a2

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:pencidesign:soledad:*:*:*:*:*:wordpress:*:* | soledad | >= None | < 8.2.5

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status