Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

pencidesign — Vulnerabilities & Security Advisories 33

Browse all 33 CVE security advisories affecting pencidesign. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by pencidesign:SoledadSoledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress ThemePenci Soledad Data MigratorPenci PodcastPenci Shortcodes & PerformancePenci Filter EverythingPenci RecipePenNewsSoledad (WordPress theme)Penci PortfolioPenci Bookmark & FollowPenci Pay WriterPenci ReviewPenci AI SmartContent Creator
CVE IDTitleCVSSSeverityPublished
CVE-2026-27054 WordPress Penci Soledad Data Migrator plugin <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability — Penci Soledad Data MigratorCWE-79 7.1 High2026-03-25
CVE-2026-27059 WordPress Penci Recipe plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability — Penci RecipeCWE-79 6.1AIMediumAI2026-02-19
CVE-2026-27058 WordPress Penci Podcast plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability — Penci PodcastCWE-79 6.1AIMediumAI2026-02-19
CVE-2026-27069 WordPress Soledad theme <= 8.7.2 - Cross Site Scripting (XSS) vulnerability — SoledadCWE-79 6.1AIMediumAI2026-02-19
CVE-2026-27057 WordPress Penci Filter Everything plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability — Penci Filter EverythingCWE-79 5.4AIMediumAI2026-02-19
CVE-2026-27055 WordPress Penci AI SmartContent Creator plugin <= 2.0 - Broken Access Control vulnerability — Penci AI SmartContent CreatorCWE-862 9.1AICriticalAI2026-02-19
CVE-2026-24600 WordPress Penci Review plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability — Penci ReviewCWE-79 6.5 Medium2026-01-23
CVE-2026-24601 WordPress Penci Pay Writer plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability — Penci Pay WriterCWE-79 6.5 Medium2026-01-23
CVE-2026-24354 WordPress Penci Shortcodes & Performance plugin <= 6.1 - Cross Site Scripting (XSS) vulnerability — Penci Shortcodes & PerformanceCWE-79 6.1AIMediumAI2026-01-22
CVE-2025-64223 WordPress PenNews theme < 6.7.3 - Local File Inclusion vulnerability — PenNewsCWE-98 9.1AICriticalAI2025-12-18
CVE-2025-64188 WordPress Soledad theme <= 8.6.9 - Privilege Escalation vulnerability — SoledadCWE-266 8.4AIHighAI2025-12-18
CVE-2025-68066 WordPress Soledad theme <= 8.7.0 - Local File Inclusion vulnerability — SoledadCWE-98 9.1AICriticalAI2025-12-16
CVE-2025-67572 WordPress PenNews theme < 6.7.4 - Broken Access Control vulnerability — PenNewsCWE-862 9.1AICriticalAI2025-12-09
CVE-2025-49909 WordPress Penci Bookmark & Follow plugin < 2.4 - Cross Site Scripting (XSS) vulnerability — Penci Bookmark & FollowCWE-79 7.1 High2025-11-06
CVE-2025-59583 WordPress Penci Filter Everything Plugin < 1.7 - Cross Site Scripting (XSS) Vulnerability — Penci Filter EverythingCWE-79 6.5 Medium2025-09-22
CVE-2025-59584 WordPress Penci Podcast Plugin <= 1.6 - Cross Site Scripting (XSS) Vulnerability — Penci PodcastCWE-79 6.5 Medium2025-09-22
CVE-2025-59585 WordPress Penci Recipe Plugin <= 4.0 - Cross Site Scripting (XSS) Vulnerability — Penci RecipeCWE-79 6.5 Medium2025-09-22
CVE-2025-59586 WordPress Penci Portfolio Plugin <= 3.5 - Cross Site Scripting (XSS) Vulnerability — Penci PortfolioCWE-79 6.5 Medium2025-09-22
CVE-2025-59588 WordPress Soledad Theme <= 8.6.8 - Local File Inclusion Vulnerability — SoledadCWE-98 7.5 High2025-09-22
CVE-2025-59587 WordPress Penci Shortcodes & Performance Plugin < 6.1 - Cross Site Scripting (XSS) Vulnerability — Penci Shortcodes & PerformanceCWE-79 6.5 Medium2025-09-22
CVE-2025-59589 WordPress Soledad Theme <= 8.6.8 - Cross Site Scripting (XSS) Vulnerability — SoledadCWE-79 6.5 Medium2025-09-22
CVE-2025-8143 Soledad <= 8.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'pcsml_smartlists_h' — SoledadCWE-79 6.4 Medium2025-08-16
CVE-2025-8105 Soledad <= 8.6.7 - Unauthenticated Arbitrary Shortcode Execution — SoledadCWE-94 7.3 High2025-08-16
CVE-2025-8142 Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout' — SoledadCWE-98 8.8 High2025-08-16
CVE-2024-11289 Soledad <= 8.5.9 - Unauthenticated Limited Local File Inclusion — SoledadCWE-98 8.1 High2024-12-06
CVE-2024-3551 Penci Soledad Data Migrator <= 1.3.0 - Unauthenticated Local File Inclusion — Penci Soledad Data MigratorCWE-98 9.8 Critical2024-05-17
CVE-2024-31369 WordPress Soledad theme <= 8.4.2 - Cross Site Request Forgery (CSRF) vulnerability — SoledadCWE-352 5.4 Medium2024-04-09
CVE-2024-31368 WordPress Soledad theme <= 8.4.2 - Unauthenticated Broken Access Control vulnerability — SoledadCWE-862 6.5 Medium2024-04-09
CVE-2024-31367 WordPress Soledad theme <= 8.4.2 - Authenticated Broken Access Control vulnerability — SoledadCWE-862 7.1 High2024-04-09
CVE-2023-49826 WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection — Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress ThemeCWE-502 8.1 High2023-12-21

This page lists every published CVE security advisory associated with pencidesign. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.