PenciDesign — Vulnerabilities & Security Advisories (33)

Browse all 33 CVE security advisories affecting PenciDesign. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PenciDesign operates as a software vendor specializing in WordPress themes and plugins, primarily targeting small businesses and content creators seeking customizable website templates. Security audits reveal a concerning pattern of vulnerabilities, with thirty-three Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve Cross-Site Scripting (XSS), SQL Injection, and Unrestricted File Uploads, which frequently enable Remote Code Execution (RCE) or privilege escalation attacks. The high volume of recorded incidents suggests systemic issues in input validation and access control mechanisms within their codebase. While specific major breaches are not widely publicized, the consistent discovery of critical severity bugs indicates a need for rigorous security hygiene. Developers and administrators relying on these products must prioritize immediate patching and regular vulnerability scanning to mitigate the risk of exploitation, given the persistent nature of these security defects.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27054 | WordPress Penci Soledad Data Migrator plugin <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability | Penci Soledad Data Migrator | CWE-79 | 7.1 | High | 2026-03-25 |
| CVE-2026-27059 | WordPress Penci Recipe plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability | Penci Recipe | CWE-79 | 6.5 | Medium | 2026-02-19 |
| CVE-2026-27058 | WordPress Penci Podcast plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability | Penci Podcast | CWE-79 | 6.5 | Medium | 2026-02-19 |
| CVE-2026-27069 | WordPress Soledad theme <= 8.7.2 - Cross Site Scripting (XSS) vulnerability | Soledad | CWE-79 | 6.5 | Medium | 2026-02-19 |
| CVE-2026-27057 | WordPress Penci Filter Everything plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability | Penci Filter Everything | CWE-79 | 6.5 | Medium | 2026-02-19 |
| CVE-2026-27055 | WordPress Penci AI SmartContent Creator plugin <= 2.0 - Broken Access Control vulnerability | Penci AI SmartContent Creator | CWE-862 | 4.3 | Medium | 2026-02-19 |
| CVE-2026-24600 | WordPress Penci Review plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability | Penci Review | CWE-79 | 6.5 | Medium | 2026-01-23 |
| CVE-2026-24601 | WordPress Penci Pay Writer plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability | Penci Pay Writer | CWE-79 | 6.5 | Medium | 2026-01-23 |
| CVE-2026-24354 | WordPress Penci Shortcodes & Performance plugin <= 6.1 - Cross Site Scripting (XSS) vulnerability | Penci Shortcodes & Performance | CWE-79 | 6.5 | Medium | 2026-01-22 |
| CVE-2025-64223 | WordPress PenNews theme < 6.7.3 - Local File Inclusion vulnerability | PenNews | CWE-98 | 8.1 | High | 2025-12-18 |
| CVE-2025-64188 | WordPress Soledad theme <= 8.6.9 - Privilege Escalation vulnerability | Soledad | CWE-266 | 9.8 | Critical | 2025-12-18 |
| CVE-2025-68066 | WordPress Soledad theme <= 8.7.0 - Local File Inclusion vulnerability | Soledad | CWE-98 | 7.5 | High | 2025-12-16 |
| CVE-2025-67572 | WordPress PenNews theme < 6.7.4 - Broken Access Control vulnerability | PenNews | CWE-862 | 5.3 | Medium | 2025-12-09 |
| CVE-2025-49909 | WordPress Penci Bookmark & Follow plugin < 2.4 - Cross Site Scripting (XSS) vulnerability | Penci Bookmark & Follow | CWE-79 | 7.1 | High | 2025-11-06 |
| CVE-2025-59583 | WordPress Penci Filter Everything Plugin < 1.7 - Cross Site Scripting (XSS) Vulnerability | Penci Filter Everything | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-59584 | WordPress Penci Podcast Plugin <= 1.6 - Cross Site Scripting (XSS) Vulnerability | Penci Podcast | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-59585 | WordPress Penci Recipe Plugin <= 4.0 - Cross Site Scripting (XSS) Vulnerability | Penci Recipe | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-59586 | WordPress Penci Portfolio Plugin <= 3.5 - Cross Site Scripting (XSS) Vulnerability | Penci Portfolio | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-59588 | WordPress Soledad Theme <= 8.6.8 - Local File Inclusion Vulnerability | Soledad | CWE-98 | 7.5 | High | 2025-09-22 |
| CVE-2025-59587 | WordPress Penci Shortcodes & Performance Plugin < 6.1 - Cross Site Scripting (XSS) Vulnerability | Penci Shortcodes & Performance | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-59589 | WordPress Soledad Theme <= 8.6.8 - Cross Site Scripting (XSS) Vulnerability | Soledad | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-8143 | Soledad <= 8.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'pcsml_smartlists_h' | Soledad | CWE-79 | 6.4 | Medium | 2025-08-16 |
| CVE-2025-8105 | Soledad <= 8.6.7 - Unauthenticated Arbitrary Shortcode Execution | Soledad | CWE-94 | 7.3 | High | 2025-08-16 |
| CVE-2025-8142 | Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout' | Soledad | CWE-98 | 8.8 | High | 2025-08-16 |
| CVE-2024-11289 | Soledad <= 8.5.9 - Unauthenticated Limited Local File Inclusion | Soledad | CWE-98 | 8.1 | High | 2024-12-06 |
| CVE-2024-3551 | Penci Soledad Data Migrator <= 1.3.0 - Unauthenticated Local File Inclusion | Penci Soledad Data Migrator | CWE-98 | 9.8 | Critical | 2024-05-17 |
| CVE-2024-31369 | WordPress Soledad theme <= 8.4.2 - Cross Site Request Forgery (CSRF) vulnerability | Soledad | CWE-352 | 5.4 | Medium | 2024-04-09 |
| CVE-2024-31368 | WordPress Soledad theme <= 8.4.2 - Unauthenticated Broken Access Control vulnerability | Soledad | CWE-862 | 6.5 | Medium | 2024-04-09 |
| CVE-2024-31367 | WordPress Soledad theme <= 8.4.2 - Authenticated Broken Access Control vulnerability | Soledad | CWE-862 | 7.1 | High | 2024-04-09 |
| CVE-2023-49826 | WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection | Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme | CWE-502 | 8.1 | High | 2023-12-21 |

This page lists every published CVE security advisory associated with PenciDesign. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.