Platform
wordpress
Component
soledad
Fixed in
8.6.8
CVE-2025-8105 is a high-severity vulnerability affecting the Soledad WordPress theme, versions 0.0.0 through 8.6.7. This vulnerability allows unauthenticated attackers to execute arbitrary shortcodes, potentially leading to unauthorized code execution and compromise of the WordPress site. The vulnerability stems from a lack of proper input validation when handling shortcodes. A patch is available from the theme developers.
The arbitrary shortcode execution vulnerability in Soledad allows attackers to inject and execute malicious shortcodes on vulnerable websites. This can lead to a wide range of consequences, including the defacement of the website, the theft of sensitive data (user credentials, database information), and the installation of malware. Attackers could potentially gain complete control over the WordPress site, using it as a launchpad for further attacks against other systems on the network. The lack of authentication required to exploit this vulnerability significantly increases the risk, as any unauthenticated user can trigger the exploit.
This vulnerability was publicly disclosed on 2025-08-16. While no public exploits have been widely reported, the ease of exploitation and the lack of authentication requirements suggest a potential for active exploitation. The vulnerability is not currently listed on the CISA KEV catalog. The potential for widespread impact across WordPress sites using the Soledad theme warrants close attention.
Websites using the Soledad WordPress theme, particularly those running versions 0.0.0 through 8.6.7, are at risk. Shared hosting environments where multiple websites share the same server resources are especially vulnerable, as a compromise of one site could potentially lead to the compromise of others. Sites with weak security configurations or outdated WordPress installations are also at increased risk.
• wordpress / composer / npm:
grep -r 'do_shortcode' /var/www/html/wp-content/themes/soledad/
• wordpress / composer / npm:
wp plugin list | grep soledad
• wordpress / composer / npm:
wp theme list | grep soledad
Exploit status
EPSS
0.43% (62nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-8105 is to upgrade the Soledad WordPress theme to a patched version. If immediate upgrading is not possible due to compatibility issues or breaking changes, consider temporarily disabling shortcode functionality within the theme using a WordPress plugin or by modifying the theme's core files (with caution and proper backups). Web application firewalls (WAFs) configured to detect and block malicious shortcode injections can provide an additional layer of protection. Monitor WordPress logs for suspicious shortcode activity.
Update the Soledad theme to the latest available version (later than 8.6.7) to mitigate the arbitrary shortcode execution vulnerability. Check the theme changelog on the developer's website for specific update instructions. Consider using a WordPress security plugin to help detect and prevent exploits.
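An added example, not part of the original advisory or the theme's own code: a shell check that reads the Version header from each installed Soledad copy's style.css and compares it with the fixed version 8.6.8 listed above, which also covers shared hosts with several WordPress roots. The function names are illustrative, and the comparison assumes GNU sort with -V.

```shell
#!/usr/bin/env bash
# Added example: flag Soledad theme copies older than the fixed version.
# FIXED_VERSION comes from the "Fixed in" field of this page.
FIXED_VERSION="8.6.8"

# Print the Version header of a theme directory's style.css (empty if absent).
theme_version() {
    local css="$1/style.css"
    [ -f "$css" ] || return 0
    # Header line looks like "Version: 8.6.7"; tolerate " * " prefixes and CRLF.
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*/\1/p' "$css" \
        | head -n 1
}

# Echo "vulnerable", "patched" or "unknown" for one theme directory.
soledad_status() {
    local ver lowest
    ver="$(theme_version "$1")"
    if [ -z "$ver" ]; then
        echo "unknown"
        return 0
    fi
    # sort -V orders 8.6.10 after 8.6.8, unlike a plain string comparison.
    lowest="$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)"
    if [ "$ver" != "$FIXED_VERSION" ] && [ "$lowest" = "$ver" ]; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Walk a hosting root and report every Soledad copy found beneath it:
# status, detected version, path (tab-separated).
scan_soledad() {
    find "$1" -type d -path '*/wp-content/themes/soledad' 2>/dev/null \
        | while IFS= read -r dir; do
            printf '%s\t%s\t%s\n' \
                "$(soledad_status "$dir")" "$(theme_version "$dir")" "$dir"
        done
}

# Usage: ./check-soledad.sh /var/www
if [ "$#" -gt 0 ]; then
    scan_soledad "$1"
fi
```

A result of "unknown" means no readable Version header was found and the copy should be inspected by hand.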
CVE-2025-8105 is a high-severity vulnerability in the Soledad WordPress theme allowing unauthenticated attackers to execute arbitrary shortcodes due to insufficient input validation.
If you are using the Soledad WordPress theme version 0.0.0 through 8.6.7, you are potentially affected by this vulnerability. Upgrade immediately.
Upgrade to the latest patched version of the Soledad WordPress theme. If upgrading is not immediately possible, consider temporarily disabling shortcode functionality.
While no widespread exploitation has been confirmed, the ease of exploitation suggests a potential for active campaigns. Monitor your WordPress site closely.
Refer to the official Soledad theme developer's website or WordPress plugin repository for the latest advisory and patch information.