CVE-2022-3209

Name of the Vulnerable Software and Affected Versions Soledad WordPress theme versions prior to 8.2.5

Description The issue arises from the lack of sanitization of certain parameters, including id and datafilter[type], in the penci more slist post ajax AJAX action. This leads to a Reflected Cross-Site Scripting (XSS) issue, which can be exploited by attackers. XSS is a type of attack where an attacker injects malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session.

Recommendations For Soledad WordPress theme versions prior to 8.2.5, update to version 8.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the penci more slist post ajax AJAX action until the update can be applied. Avoid using the parameters id and datafilter[type] in the affected AJAX endpoint until the issue is resolved.