Browse all 4 CVE security advisories affecting pencilwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pencilwp is a WordPress security plugin focused on protecting websites from common vulnerabilities. Historically, it has been associated with multiple security issues, including cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities, with four CVEs recorded to date. The plugin's security characteristics have been inconsistent, with some versions containing flaws that could allow attackers to execute arbitrary code or escalate privileges. While intended to enhance WordPress security, the plugin's own vulnerabilities have made it a vector for attacks in certain cases, highlighting the importance of regular updates and thorough security vetting of security tools themselves.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24605 | WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability — X Addons for Elementor (CWE-862) | 4.3 | Medium | 2026-01-23 |
| CVE-2026-22518 | WordPress X Addons for Elementor plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability — X Addons for Elementor (CWE-79) | 6.5 | Medium | 2026-01-08 |
| CVE-2025-9204 | X Addons for Elementor <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Video ID Field — X Addons for Elementor (CWE-79) | 6.4 | Medium | 2025-10-03 |
| CVE-2025-48132 | WordPress X Addons for Elementor plugin <= 1.0.16 - Cross Site Scripting (XSS) Vulnerability — X Addons for Elementor (CWE-79) | 6.5 | Medium | 2025-05-16 |
This page lists every published CVE security advisory associated with pencilwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.