Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

pencidesign — Vulnerabilities & Security Advisories 33

Browse all 33 CVE security advisories affecting pencidesign. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PenciDesign operates as a software vendor specializing in WordPress themes and plugins, primarily targeting small businesses and content creators seeking customizable website templates. Security audits reveal a concerning pattern of vulnerabilities, with thirty-three Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve Cross-Site Scripting (XSS), SQL Injection, and Unrestricted File Uploads, which frequently enable Remote Code Execution (RCE) or privilege escalation attacks. The high volume of recorded incidents suggests systemic issues in input validation and access control mechanisms within their codebase. While specific major breaches are not widely publicized, the consistent discovery of critical severity bugs indicates a need for rigorous security hygiene. Developers and administrators relying on these products must prioritize immediate patching and regular vulnerability scanning to mitigate the risk of exploitation, given the persistent nature of these security defects.

Found 12 results / 33Clear Filters
Top products by pencidesign: Soledad Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme Penci Soledad Data Migrator Penci Podcast Penci Shortcodes & Performance Penci Filter Everything Penci Recipe PenNews Soledad (WordPress theme) Penci Portfolio Penci Bookmark & Follow Penci Pay Writer Penci Review Penci AI SmartContent Creator
CVE IDTitleCVSSSeverityPublished
CVE-2026-27069 WordPress Soledad theme <= 8.7.2 - Cross Site Scripting (XSS) vulnerability — SoledadCWE-79 6.5 Medium2026-02-19
CVE-2025-64188 WordPress Soledad theme <= 8.6.9 - Privilege Escalation vulnerability — SoledadCWE-266 9.8 Critical2025-12-18
CVE-2025-68066 WordPress Soledad theme <= 8.7.0 - Local File Inclusion vulnerability — SoledadCWE-98 7.5 High2025-12-16
CVE-2025-59588 WordPress Soledad Theme <= 8.6.8 - Local File Inclusion Vulnerability — SoledadCWE-98 7.5 High2025-09-22
CVE-2025-59589 WordPress Soledad Theme <= 8.6.8 - Cross Site Scripting (XSS) Vulnerability — SoledadCWE-79 6.5 Medium2025-09-22
CVE-2025-8143 Soledad <= 8.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'pcsml_smartlists_h' — SoledadCWE-79 6.4 Medium2025-08-16
CVE-2025-8105 Soledad <= 8.6.7 - Unauthenticated Arbitrary Shortcode Execution — SoledadCWE-94 7.3 High2025-08-16
CVE-2025-8142 Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout' — SoledadCWE-98 8.8 High2025-08-16
CVE-2024-11289 Soledad <= 8.5.9 - Unauthenticated Limited Local File Inclusion — SoledadCWE-98 8.1 High2024-12-06
CVE-2024-31369 WordPress Soledad theme <= 8.4.2 - Cross Site Request Forgery (CSRF) vulnerability — SoledadCWE-352 5.4 Medium2024-04-09
CVE-2024-31368 WordPress Soledad theme <= 8.4.2 - Unauthenticated Broken Access Control vulnerability — SoledadCWE-862 6.5 Medium2024-04-09
CVE-2024-31367 WordPress Soledad theme <= 8.4.2 - Authenticated Broken Access Control vulnerability — SoledadCWE-862 7.1 High2024-04-09

This page lists every published CVE security advisory associated with pencidesign. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.