CVE-2022-42479 - Vulnerability Details

Description

Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Soledad: from n/a through 8.2.5.

Published: 2026-06-11

Score: 5.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Missing authorization in the Soledad theme allows attackers to trigger features that should be restricted by ACLs, potentially exposing sensitive data or enabling unauthorized actions. The vulnerability can lead to exploitation of account privileges or misconfiguration, possibly resulting in data compromise or unauthorized content modifications.

Affected Systems

TemplateHouse Soledad premium theme, all versions up to and including 8.2.5, is impacted. WordPress sites using any of these versions are susceptible to the missing ACL enforcement.

Risk and Exploitability

With a CVSS score of 5.4, the flaw represents medium severity. The EPSS score is not available, and it is not listed in the CISA KEV catalog. The likely attack vector involves an authenticated user or compromised account exploiting the theme’s unsecured functionality; mitigation requires patching.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TemplateHouse

Soledad

unaffected

Version	Status	Constraints
`n/a`	affected	≤ 8.2.5

No data.

No data available yet.

Remediation

Vendor Solution

Update the WordPress soledad theme to the latest available version (at least 8.2.6).

OpenCVE Recommended Actions

Update the Soledad theme to version 8.2.6 or later.
If an immediate update is not possible, restrict or disable access to the compromised functionality by removing the theme or editing permissions.
Review and tighten user role permissions to minimize exposure to unauthorized operations.

Generated by OpenCVE AI on June 11, 2026 at 11:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00056.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://patchstack.com/database/wordpress/theme/soledad/vulnerability/wordpress-soledad-premium-theme-8-2-5-broken-access-control-vulnerability?_s_id=cve

History

Thu, 11 Jun 2026 10:00:00 +0000

Type	Values Removed	Values Added
Description		Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5.
Title		WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability
Weaknesses		CWE-862
References		https://patchstack.com/database/wordpress/theme/soledad/vulnerability/wordpress-soledad-premium-theme-8-2-5-broken-access-control-vulnerability?_s_id=cve
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2026-06-11T09:47:50.956Z

Updated: 2026-06-11T09:47:50.956Z

Reserved: 2022-10-19T11:40:57.188Z

Link: CVE-2022-42479

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-11T10:16:19.840

Modified: 2026-06-11T10:16:19.840

Link: CVE-2022-42479

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T11:30:06Z

Weaknesses

CWE-862
Missing Authorization

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-42479", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2022-10-19T11:40:57.188Z", "datePublished": "2026-06-11T09:47:50.956Z", "dateUpdated": "2026-06-11T09:47:50.956Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-06-11T09:47:50.956Z"}, "title": "WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "affected": [{"vendor": "TemplateHouse", "product": "Soledad", "collectionURL": "https://wordpress.org/themes", "packageName": "soledad", "versions": [{"status": "affected", "version": "n/a", "lessThanOrEqual": "8.2.5", "changes": [{"at": "8.2.6", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Soledad: from n/a through 8.2.5.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs.<p>This issue affects Soledad: from n/a through 8.2.5.</p>"}]}], "tags": ["x_open-source"], "references": [{"url": "https://patchstack.com/database/wordpress/theme/soledad/vulnerability/wordpress-soledad-premium-theme-8-2-5-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "Update the WordPress soledad theme to the latest available version (at least 8.2.6).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Update the WordPress soledad theme to the latest available version (at least 8.2.6)."}]}], "credits": [{"lang": "en", "value": "Dave Jong | Patchstack", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object